CVE-2025-21791 (GCVE-0-2025-21791)
Vulnerability from cvelistv5
Published
2025-02-27 02:18
Modified
2025-05-04 07:21
Summary
In the Linux kernel, the following vulnerability has been resolved:
vrf: use RCU protection in l3mdev_l3_out()
l3mdev_l3_out() can be called without the RCU read lock being held, as in this call chain (each function calls the next):
raw_sendmsg()
  ip_push_pending_frames()
    ip_send_skb()
      ip_local_out()
        __ip_local_out()
          l3mdev_ip_out()
Add an rcu_read_lock() / rcu_read_unlock() pair to avoid
a potential use-after-free (UAF).
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Version: a8e3e1a9f02094145580ea7920c6a1d9aabd5539 (listed eight times, once for each affected git range in the record below) |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-21791", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-27T17:57:16.236835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-27T18:02:26.723Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/l3mdev.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "20a3489b396764cc9376e32a9172bee26a89dc3b", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "5bb4228c32261d06e4fbece37ec3828bcc005b6b", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "c7574740be8ce68a57d0aece24987b9be2114c3c", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "c40cb5c03e37552d6eff963187109e2c3f78ef6f", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", 
"versionType": "git" }, { "lessThan": "022cac1c693add610ae76ede03adf4d9d5a2cf21", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "7b81425b517accefd46bee854d94954f5c57e019", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" }, { "lessThan": "6d0ce46a93135d96b7fa075a94a88fe0da8e8773", "status": "affected", "version": "a8e3e1a9f02094145580ea7920c6a1d9aabd5539", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/l3mdev.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.9" }, { "lessThan": "4.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.291", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.235", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.179", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.129", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.79", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.16", "versionType": "semver" }, { "lessThanOrEqual": "6.13.*", "status": "unaffected", "version": "6.13.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.14", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.291", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.235", 
"versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.179", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.129", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.79", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.16", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.13.4", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.14", "versionStartIncluding": "4.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF." 
} ], "providerMetadata": { "dateUpdated": "2025-05-04T07:21:18.929Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e" }, { "url": "https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b" }, { "url": "https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b" }, { "url": "https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c" }, { "url": "https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f" }, { "url": "https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21" }, { "url": "https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019" }, { "url": "https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773" } ], "title": "vrf: use RCU protection in l3mdev_l3_out()", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-21791", "datePublished": "2025-02-27T02:18:29.014Z", "dateReserved": "2024-12-29T08:45:45.766Z", "dateUpdated": "2025-05-04T07:21:18.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-21791\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-27T03:15:19.970\",\"lastModified\":\"2025-03-13T21:53:49.573\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nvrf: use RCU protection in l3mdev_l3_out()\\n\\nl3mdev_l3_out() can be called without RCU being held:\\n\\nraw_sendmsg()\\n ip_push_pending_frames()\\n ip_send_skb()\\n ip_local_out()\\n __ip_local_out()\\n l3mdev_ip_out()\\n\\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\\na potential 
UAF.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vrf: usar protecci\u00f3n RCU en l3mdev_l3_out() l3mdev_l3_out() se puede llamar sin que se retenga RCU: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Agregue el par rcu_read_lock() / rcu_read_unlock() para evitar un posible UAF.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9\",\"versionEndExcluding\":\"6.1.129\",\"matchCriteriaId\":\"E1C17A14-0DFF-4500-8A61-0B4CE1F404E5\"},{\"vulnerable\":true,\"crit
eria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.79\",\"matchCriteriaId\":\"B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.16\",\"matchCriteriaId\":\"13C8DB18-FC60-425F-84E5-3EDDEC61B2FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.4\",\"matchCriteriaId\":\"2A2093ED-74A9-43F9-AC72-50030F374EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3E781C-403A-498F-9DA9-ECEE50F41E75\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f\",\"source\":\"416
baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21791\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-27T17:57:16.236835Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-27T17:57:17.808Z\"}}], \"cna\": {\"title\": \"vrf: use RCU protection in l3mdev_l3_out()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"20a3489b396764cc9376e32a9172bee26a89dc3b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": 
\"5bb4228c32261d06e4fbece37ec3828bcc005b6b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"c7574740be8ce68a57d0aece24987b9be2114c3c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"c40cb5c03e37552d6eff963187109e2c3f78ef6f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"022cac1c693add610ae76ede03adf4d9d5a2cf21\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"7b81425b517accefd46bee854d94954f5c57e019\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a8e3e1a9f02094145580ea7920c6a1d9aabd5539\", \"lessThan\": \"6d0ce46a93135d96b7fa075a94a88fe0da8e8773\", \"versionType\": \"git\"}], \"programFiles\": [\"include/net/l3mdev.h\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.9\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.291\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.235\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.129\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.79\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.16\", \"versionType\": \"semver\", 
\"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"include/net/l3mdev.h\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e\"}, {\"url\": \"https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b\"}, {\"url\": \"https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b\"}, {\"url\": \"https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c\"}, {\"url\": \"https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f\"}, {\"url\": \"https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21\"}, {\"url\": \"https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019\"}, {\"url\": \"https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nvrf: use RCU protection in l3mdev_l3_out()\\n\\nl3mdev_l3_out() can be called without RCU being held:\\n\\nraw_sendmsg()\\n ip_push_pending_frames()\\n ip_send_skb()\\n ip_local_out()\\n __ip_local_out()\\n l3mdev_ip_out()\\n\\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\\na potential UAF.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.291\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.235\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": 
\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.179\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.129\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.79\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.16\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.4\", \"versionStartIncluding\": \"4.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"4.9\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:21:18.929Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2025-21791\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:21:18.929Z\", \"dateReserved\": \"2024-12-29T08:45:45.766Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-27T02:18:29.014Z\", \"assignerShortName\": \"Linux\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
suse-su-2025:03496-1
Vulnerability from csaf_suse
Published
2025-10-08 13:17
Modified
2025-10-08 13:17
Summary
Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)
Description of the patch
This update for the Linux Kernel 4.12.14-122_247 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
Patchnames
SUSE-2025-3496,SUSE-SLE-Live-Patching-12-SP5-2025-3496
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 4.12.14-122_247 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3496,SUSE-SLE-Live-Patching-12-SP5-2025-3496", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03496-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03496-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503496-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03496-1", "url": 
"https://lists.suse.com/pipermail/sle-updates/2025-October/042036.html" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 65 for SLE 12 SP5)", "tracking": { "current_release_date": "2025-10-08T13:17:47Z", "generator": { "date": "2025-10-08T13:17:47Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03496-1", "initial_release_date": "2025-10-08T13:17:47Z", "revision_history": [ { "date": "2025-10-08T13:17:47Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "product": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "product_id": "kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "product": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "product_id": "kgraft-patch-4_12_14-122_247-default-9-2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": 
"kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64", "product": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64", "product_id": "kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 12 SP5", "product": { "name": "SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-live-patching:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le" }, "product_reference": "kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x" }, "product_reference": "kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" }, "product_reference": "kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64", "relates_to_product_reference": "SUSE Linux 
Enterprise Live Patching 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n 
x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. 
When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", 
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T13:17:47Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 
SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T13:17:47Z", "details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. 
Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_247-default-9-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T13:17:47Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03538-1
Vulnerability from csaf_suse
Published
2025-10-10 18:03
Modified
2025-10-10 18:03
Summary
Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
Description of the patch
This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF (use-after-free) issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-21692: net: sched: fix ets qdisc OOB (out-of-bounds) Indexing (bsc#1237048).
Patchnames
SUSE-2025-3538,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3538
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3538,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3538", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03538-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03538-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503538-1/" }, { "category": "self", "summary": "E-Mail link for 
SUSE-SU-2025:03538-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042076.html" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)", "tracking": { "current_release_date": "2025-10-10T18:03:53Z", "generator": { "date": "2025-10-10T18:03:53Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03538-1", "initial_release_date": "2025-10-10T18:03:53Z", "revision_history": [ { "date": "2025-10-10T18:03:53Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "product": { "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "product_id": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": 
"kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "product": { "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "product_id": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" } }, { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_188-preempt-12-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_188-preempt-12-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_188-preempt-12-150300.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": 
"kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n 
\u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer 
veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": 
"2025-10-10T18:03:53Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? 
do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": 
"https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:03:53Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() 
pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:03:53Z", "details": "important" } ], "title": 
"CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE 
Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:03:53Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03539-1
Vulnerability from csaf_suse
Published
2025-10-10 18:33
Modified
2025-10-10 18:33
Summary
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
Description of the patch
This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF (use-after-free) issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-21692: net: sched: fix ets qdisc OOB (out-of-bounds) Indexing (bsc#1237048).
Patchnames
SUSE-2025-3539,SUSE-SLE-Module-Live-Patching-15-SP4-2025-3539
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3539,SUSE-SLE-Module-Live-Patching-15-SP4-2025-3539", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03539-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03539-1", "url": 
"https://www.suse.com/support/update/announcement/2025/suse-su-202503539-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03539-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042075.html" }, { "category": "self", "summary": "SUSE Bug 1233072", "url": "https://bugzilla.suse.com/1233072" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50154 page", "url": "https://www.suse.com/security/cve/CVE-2024-50154/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)", "tracking": { "current_release_date": "2025-10-10T18:33:52Z", "generator": { "date": "2025-10-10T18:33:52Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03539-1", "initial_release_date": "2025-10-10T18:33:52Z", "revision_history": [ { "date": "2025-10-10T18:33:52Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": 
"kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "product": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "product_id": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "product": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "product_id": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64", "product": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64", "product_id": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP4", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP4", "product_id": "SUSE Linux Enterprise Live Patching 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4", "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le" }, "product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4" }, { "category": 
"default_component_of", "full_product_name": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4", "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x" }, "product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4", "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" }, "product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50154" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. 
The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 
SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50154", "url": "https://www.suse.com/security/cve/CVE-2024-50154" }, { "category": "external", "summary": "SUSE Bug 1233070 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233070" }, { "category": "external", "summary": "SUSE Bug 1233072 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:33:52Z", "details": "important" } ], "title": "CVE-2024-50154" }, { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in 
tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n 
do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "threats": [ { "category": "impact", 
"date": "2025-10-10T18:33:52Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? 
do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": 
"https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:33:52Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / 
rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:33:52Z", "details": 
"important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 
SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-10T18:33:52Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03469-1
Vulnerability from csaf_suse
Published
2025-10-07 12:40
Modified
2025-10-07 12:40
Summary
Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_20 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames
SUSE-2025-3469,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3469
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_20 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3469,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3469", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03469-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03469-1", "url": 
"https://www.suse.com/support/update/announcement/2025/suse-su-202503469-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03469-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042019.html" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-07T12:40:52Z", "generator": { "date": "2025-10-07T12:40:52Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03469-1", "initial_release_date": "2025-10-07T12:40:52Z", "revision_history": [ { "date": "2025-10-07T12:40:52Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": 
"kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n 
tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n 
ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:40:52Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. 
The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? 
clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux 
Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:40:52Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:40:52Z", 
"details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:40:52Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_20-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:40:52Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03504-1
Vulnerability from csaf_suse
Published
2025-10-09 06:33
Modified
2025-10-09 06:33
Summary
Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
Description of the patch
This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames
SUSE-2025-3504,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3504
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3504,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3504", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03504-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03504-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503504-1/" }, { "category": "self", "summary": "E-Mail link for 
SUSE-SU-2025:03504-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042039.html" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)", "tracking": { "current_release_date": "2025-10-09T06:33:52Z", "generator": { "date": "2025-10-09T06:33:52Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03504-1", "initial_release_date": "2025-10-09T06:33:52Z", "revision_history": [ { "date": "2025-10-09T06:33:52Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "product": { "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "product_id": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": 
"kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "product": { "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "product_id": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" } }, { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_185-preempt-13-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_185-preempt-13-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_185-preempt-13-150300.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": 
"kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n 
\u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer 
veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": 
"2025-10-09T06:33:52Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? 
do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": 
"https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:52Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() 
pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:52Z", "details": "important" } ], "title": 
"CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE 
Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-13-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:52Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03465-1
Vulnerability from csaf_suse
Published: 2025-10-07 08:23
Modified: 2025-10-07 08:23
Summary
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_8 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames
SUSE-2025-3465,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3465
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_8 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3465,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3465", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03465-1.json" }, { "category": 
"self", "summary": "URL for SUSE-SU-2025:03465-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503465-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03465-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042011.html" }, { "category": "self", "summary": "SUSE Bug 1233072", "url": "https://bugzilla.suse.com/1233072" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50154 page", "url": "https://www.suse.com/security/cve/CVE-2024-50154/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-07T08:23:42Z", "generator": { "date": "2025-10-07T08:23:42Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03465-1", "initial_release_date": 
"2025-10-07T08:23:42Z", "revision_history": [ { "date": "2025-10-07T08:23:42Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50154" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. 
The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50154", "url": "https://www.suse.com/security/cve/CVE-2024-50154" }, { "category": "external", "summary": "SUSE Bug 1233070 for CVE-2024-50154", 
"url": "https://bugzilla.suse.com/1233070" }, { "category": "external", "summary": "SUSE Bug 1233072 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": "important" } ], "title": "CVE-2024-50154" }, { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n 
asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig 
veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. 
The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? 
clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux 
Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": 
"important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T08:23:42Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03472-1
Vulnerability from csaf_suse
Published: 2025-10-07 13:15
Modified: 2025-10-07 13:15
Summary: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames: SUSE-2025-3472,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3472
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3472,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3472", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03472-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03472-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503472-1/" }, { "category": "self", "summary": "E-Mail link for 
SUSE-SU-2025:03472-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042017.html" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-07T13:15:23Z", "generator": { "date": "2025-10-07T13:15:23Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03472-1", "initial_release_date": "2025-10-07T13:15:23Z", "revision_history": [ { "date": "2025-10-07T13:15:23Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": 
{ "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. 
The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? 
clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux 
Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T13:15:23Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T13:15:23Z", 
"details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T13:15:23Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-13-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T13:15:23Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03494-1
Vulnerability from csaf_suse
Published: 2025-10-08 12:58
Modified: 2025-10-08 12:58
Summary: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_11 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames: SUSE-2025-3494,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3494
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_11 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3494,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3494", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03494-1.json" }, { "category": 
"self", "summary": "URL for SUSE-SU-2025:03494-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503494-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03494-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042035.html" }, { "category": "self", "summary": "SUSE Bug 1233072", "url": "https://bugzilla.suse.com/1233072" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50154 page", "url": "https://www.suse.com/security/cve/CVE-2024-50154/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-08T12:58:55Z", "generator": { "date": "2025-10-08T12:58:55Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03494-1", "initial_release_date": 
"2025-10-08T12:58:55Z", "revision_history": [ { "date": "2025-10-08T12:58:55Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50154" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. 
The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50154", "url": "https://www.suse.com/security/cve/CVE-2024-50154" }, { "category": "external", "summary": "SUSE Bug 1233070 for CVE-2024-50154", 
"url": "https://bugzilla.suse.com/1233070" }, { "category": "external", "summary": "SUSE Bug 1233072 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", "details": "important" } ], "title": "CVE-2024-50154" }, { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n 
asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig 
veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. 
The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? 
clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux 
Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", 
"details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-18-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-08T12:58:55Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03475-1
Vulnerability from csaf_suse
Published
2025-10-07 14:10
Modified
2025-10-07 14:10
Summary
Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)
Description of the patch
This live patch update for the Linux Kernel 4.12.14-122_237 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
Patchnames
SUSE-2025-3475,SUSE-SLE-Live-Patching-12-SP5-2025-3475
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 4.12.14-122_237 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3475,SUSE-SLE-Live-Patching-12-SP5-2025-3475", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03475-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03475-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503475-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03475-1", "url": 
"https://lists.suse.com/pipermail/sle-updates/2025-October/042015.html" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)", "tracking": { "current_release_date": "2025-10-07T14:10:38Z", "generator": { "date": "2025-10-07T14:10:38Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03475-1", "initial_release_date": "2025-10-07T14:10:38Z", "revision_history": [ { "date": "2025-10-07T14:10:38Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "product": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "product_id": "kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "product": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "product_id": "kgraft-patch-4_12_14-122_237-default-12-2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": 
"kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64", "product": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64", "product_id": "kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 12 SP5", "product": { "name": "SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-live-patching:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le" }, "product_reference": "kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x" }, "product_reference": "kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5", "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" }, "product_reference": "kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64", "relates_to_product_reference": 
"SUSE Linux Enterprise Live Patching 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n 
x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the 
tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 
SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T14:10:38Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live 
Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T14:10:38Z", "details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. 
Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.ppc64le", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.s390x", "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-12-2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T14:10:38Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03476-1
Vulnerability from csaf_suse
Published
2025-10-07 15:07
Modified
2025-10-07 15:07
Summary
Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_29 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
Patchnames
SUSE-2025-3476,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3476
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_29 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3476,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3476", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03476-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03476-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503476-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03476-1", "url": 
"https://lists.suse.com/pipermail/sle-updates/2025-October/042014.html" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-07T15:07:56Z", "generator": { "date": "2025-10-07T15:07:56Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03476-1", "initial_release_date": "2025-10-07T15:07:56Z", "revision_history": [ { "date": "2025-10-07T15:07:56Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE 
Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T15:07:56Z", "details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T15:07:56Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-8-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T15:07:56Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03468-1
Vulnerability from csaf_suse
Published
2025-10-07 12:08
Modified
2025-10-07 12:08
Summary
Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_10_14 fixes several issues.
The following security issues were fixed:
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames
SUSE-2025-3468,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3468
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 6.4.0-150600_10_14 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3468,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3468", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03468-1.json" }, { "category": 
"self", "summary": "URL for SUSE-SU-2025:03468-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503468-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03468-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042020.html" }, { "category": "self", "summary": "SUSE Bug 1233072", "url": "https://bugzilla.suse.com/1233072" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1245509", "url": "https://bugzilla.suse.com/1245509" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50154 page", "url": "https://www.suse.com/security/cve/CVE-2024-50154/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38089 page", "url": "https://www.suse.com/security/cve/CVE-2025-38089/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)", "tracking": { "current_release_date": "2025-10-07T12:08:16Z", "generator": { "date": "2025-10-07T12:08:16Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03468-1", "initial_release_date": 
"2025-10-07T12:08:16Z", "revision_history": [ { "date": "2025-10-07T12:08:16Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64", "product": { "name": "kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64", "product_id": "kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6", "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" }, "product_reference": "kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50154" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. 
The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50154", "url": "https://www.suse.com/security/cve/CVE-2024-50154" }, { "category": "external", "summary": "SUSE Bug 1233070 for CVE-2024-50154", 
"url": "https://bugzilla.suse.com/1233070" }, { "category": "external", "summary": "SUSE Bug 1233072 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", "details": "important" } ], "title": "CVE-2024-50154" }, { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n 
asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig 
veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. 
The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? 
clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux 
Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", 
"details": "important" } ], "title": "CVE-2025-21791" }, { "cve": "CVE-2025-38089", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38089" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. 
This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38089", "url": "https://www.suse.com/security/cve/CVE-2025-38089" }, { "category": "external", "summary": "SUSE Bug 1245508 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245508" }, { "category": "external", "summary": "SUSE Bug 1245509 for CVE-2025-38089", "url": "https://bugzilla.suse.com/1245509" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", "details": "important" } ], "title": "CVE-2025-38089" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. 
For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_14-rt-17-150600.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-07T12:08:16Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
suse-su-2025:03503-1
Vulnerability from csaf_suse
Published
2025-10-09 06:33
Modified
2025-10-09 06:33
Summary
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
Description of the patch
This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.
The following security issues were fixed:
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
Patchnames
SUSE-2025-3503,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3503
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)", "title": "Title of the patch" }, { "category": "description", "text": "This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-3503,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3503", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03503-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:03503-1", "url": 
"https://www.suse.com/support/update/announcement/2025/suse-su-202503503-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:03503-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042040.html" }, { "category": "self", "summary": "SUSE Bug 1233072", "url": "https://bugzilla.suse.com/1233072" }, { "category": "self", "summary": "SUSE Bug 1237048", "url": "https://bugzilla.suse.com/1237048" }, { "category": "self", "summary": "SUSE Bug 1240744", "url": "https://bugzilla.suse.com/1240744" }, { "category": "self", "summary": "SUSE Bug 1243650", "url": "https://bugzilla.suse.com/1243650" }, { "category": "self", "summary": "SUSE Bug 1247315", "url": "https://bugzilla.suse.com/1247315" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50154 page", "url": "https://www.suse.com/security/cve/CVE-2024-50154/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53168 page", "url": "https://www.suse.com/security/cve/CVE-2024-53168/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21791 page", "url": "https://www.suse.com/security/cve/CVE-2025-21791/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-38477 page", "url": "https://www.suse.com/security/cve/CVE-2025-38477/" } ], "title": "Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)", "tracking": { "current_release_date": "2025-10-09T06:33:46Z", "generator": { "date": "2025-10-09T06:33:46Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:03503-1", "initial_release_date": "2025-10-09T06:33:46Z", "revision_history": [ { "date": "2025-10-09T06:33:46Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": 
"kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "product": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "product_id": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "product": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "product_id": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" } }, { "category": "product_version", "name": "kernel-livepatch-5_3_18-150300_59_174-preempt-18-150300.2.1.x86_64", "product": { "name": "kernel-livepatch-5_3_18-150300_59_174-preempt-18-150300.2.1.x86_64", "product_id": "kernel-livepatch-5_3_18-150300_59_174-preempt-18-150300.2.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product": { "name": "SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live 
Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3", "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" }, "product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50154" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. 
The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 
SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50154", "url": "https://www.suse.com/security/cve/CVE-2024-50154" }, { "category": "external", "summary": "SUSE Bug 1233070 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233070" }, { "category": "external", "summary": "SUSE Bug 1233072 for CVE-2024-50154", "url": "https://bugzilla.suse.com/1233072" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:46Z", "details": "important" } ], "title": "CVE-2024-50154" }, { "cve": "CVE-2024-53168", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53168" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in 
tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n 
do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. 
A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53168", "url": "https://www.suse.com/security/cve/CVE-2024-53168" }, { "category": "external", "summary": "SUSE Bug 1234887 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1234887" }, { "category": "external", "summary": "SUSE Bug 1243650 for CVE-2024-53168", "url": "https://bugzilla.suse.com/1243650" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": 
"2025-10-09T06:33:46Z", "details": "important" } ], "title": "CVE-2024-53168" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? 
do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": 
"https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:46Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() 
pair to avoid\na potential UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21791", "url": "https://www.suse.com/security/cve/CVE-2025-21791" }, { "category": "external", "summary": "SUSE Bug 1238512 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1238512" }, { "category": "external", "summary": "SUSE Bug 1240744 for CVE-2025-21791", "url": "https://bugzilla.suse.com/1240744" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:46Z", "details": "important" } ], "title": 
"CVE-2025-21791" }, { "cve": "CVE-2025-38477", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-38477" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-38477", "url": "https://www.suse.com/security/cve/CVE-2025-38477" }, { "category": "external", "summary": "SUSE Bug 1247314 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247314" }, { "category": "external", "summary": "SUSE Bug 1247315 for CVE-2025-38477", "url": "https://bugzilla.suse.com/1247315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE 
Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-18-150300.2.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-10-09T06:33:46Z", "details": "important" } ], "title": "CVE-2025-38477" } ] }
ghsa-vr2w-w74g-r822
Vulnerability from github
Published
2025-02-27 03:34
Modified
2025-03-13 15:32
Details
In the Linux kernel, the following vulnerability has been resolved:
vrf: use RCU protection in l3mdev_l3_out()
l3mdev_l3_out() can be called without RCU being held:
raw_sendmsg() → ip_push_pending_frames() → ip_send_skb() → ip_local_out() → __ip_local_out() → l3mdev_ip_out()
Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF.
{ "affected": [], "aliases": [ "CVE-2025-21791" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-02-27T03:15:19Z", "severity": "HIGH" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.", "id": "GHSA-vr2w-w74g-r822", "modified": "2025-03-13T15:32:52Z", "published": "2025-02-27T03:34:06Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21791" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
fkie_cve-2025-21791
Vulnerability from fkie_nvd
Published
2025-02-27 03:15
Modified
2025-03-13 21:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
vrf: use RCU protection in l3mdev_l3_out()
l3mdev_l3_out() can be called without RCU being held:
raw_sendmsg()
ip_push_pending_frames()
ip_send_skb()
ip_local_out()
__ip_local_out()
l3mdev_ip_out()
Add rcu_read_lock() / rcu_read_unlock() pair to avoid
a potential UAF.
References
Impacted products
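Vendor | Product | Version | Affected range |
---|---|---|---|
linux | linux_kernel | * | 4.9 up to (excluding) 6.1.129 |
linux | linux_kernel | * | 6.2 up to (excluding) 6.6.79 |
linux | linux_kernel | * | 6.7 up to (excluding) 6.12.16 |
linux | linux_kernel | * | 6.13 up to (excluding) 6.13.4 |
linux | linux_kernel | 6.14 | rc1 |
linux | linux_kernel | 6.14 | rc2 |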
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1C17A14-0DFF-4500-8A61-0B4CE1F404E5", "versionEndExcluding": "6.1.129", "versionStartIncluding": "4.9", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF." 
}, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vrf: usar protecci\u00f3n RCU en l3mdev_l3_out() l3mdev_l3_out() se puede llamar sin que se retenga RCU: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Agregue el par rcu_read_lock() / rcu_read_unlock() para evitar un posible UAF." } ], "id": "CVE-2025-21791", "lastModified": "2025-03-13T21:53:49.573", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-02-27T03:15:19.970", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/20a3489b396764cc9376e32a9172bee26a89dc3b" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/5bb4228c32261d06e4fbece37ec3828bcc005b6b" }, { "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/6ccaa5797f5362a2aad6baa6ddaf4715ac2dd51e" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ], "url": "https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
wid-sec-w-2025-0453
Vulnerability from csaf_certbund
Published
2025-02-26 23:00
Modified
2025-09-22 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-0453 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0453.json" }, { "category": "self", "summary": "WID-SEC-2025-0453 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0453" }, { "category": "external", "summary": "Kernel CVE Announce Mailingliste", "url": "https://lore.kernel.org/linux-cve-announce/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2022-49732", "url": "https://lore.kernel.org/linux-cve-announce/2025022619-CVE-2022-49732-fc0d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-49570", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2024-49570-d2e7@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-52557", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52557-506d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-52559", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52559-6125@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-52560", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52560-8446@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-54456", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-54456-e8a9@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-54458", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-54458-75cd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57834", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-57834-f004@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57852", "url": "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2024-57852-f942@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57953", "url": "https://lore.kernel.org/linux-cve-announce/2025022631-CVE-2024-57953-9830@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57973", "url": "https://lore.kernel.org/linux-cve-announce/2025022632-CVE-2024-57973-8797@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57974", "url": "https://lore.kernel.org/linux-cve-announce/2025022632-CVE-2024-57974-189e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57975", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2024-57975-e1c7@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57976", "url": "https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2024-57976-10f5@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57977", "url": "https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2024-57977-88ac@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57978", "url": "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57978-2a90@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57979", "url": "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57979-aad0@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57980", "url": "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57980-4b5a@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57981", "url": "https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2024-57981-bba6@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57982", "url": "https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2024-57982-c76a@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57983", "url": "https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2024-57983-d9c0@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57984", "url": "https://lore.kernel.org/linux-cve-announce/2025022636-CVE-2024-57984-191f@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57985", "url": "https://lore.kernel.org/linux-cve-announce/2025022636-CVE-2024-57985-1f49@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57986", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022636-CVE-2024-57986-6166@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57987", "url": "https://lore.kernel.org/linux-cve-announce/2025022637-CVE-2024-57987-09a3@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57988", "url": "https://lore.kernel.org/linux-cve-announce/2025022637-CVE-2024-57988-db3b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57989", "url": "https://lore.kernel.org/linux-cve-announce/2025022638-CVE-2024-57989-0a14@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57990", "url": "https://lore.kernel.org/linux-cve-announce/2025022638-CVE-2024-57990-67dc@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57991", "url": "https://lore.kernel.org/linux-cve-announce/2025022638-CVE-2024-57991-a3e1@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57992", "url": "https://lore.kernel.org/linux-cve-announce/2025022639-CVE-2024-57992-fa9c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57993", "url": "https://lore.kernel.org/linux-cve-announce/2025022639-CVE-2024-57993-e136@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57994", "url": "https://lore.kernel.org/linux-cve-announce/2025022639-CVE-2024-57994-8dbd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57995", "url": "https://lore.kernel.org/linux-cve-announce/2025022640-CVE-2024-57995-892d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57996", "url": "https://lore.kernel.org/linux-cve-announce/2025022640-CVE-2024-57996-b670@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57997", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022640-CVE-2024-57997-a004@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57998", "url": "https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2024-57998-e730@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-57999", "url": "https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2024-57999-1029@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58000", "url": "https://lore.kernel.org/linux-cve-announce/2025022642-CVE-2024-58000-4f74@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58001", "url": "https://lore.kernel.org/linux-cve-announce/2025022654-CVE-2024-58001-3f9c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58002", "url": "https://lore.kernel.org/linux-cve-announce/2025022654-CVE-2024-58002-6f93@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58003", "url": "https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2024-58003-2b9b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58004", "url": "https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2024-58004-cf99@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58005", "url": "https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2024-58005-f2fa@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58006", "url": "https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2024-58006-9855@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58007", "url": "https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2024-58007-123c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58008", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58008-548d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58009", "url": "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58009-b2d2@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58010", "url": "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58010-39bc@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58011", "url": "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58011-5ed8@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58012", "url": "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58012-90ce@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58013", "url": "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58013-55de@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58014", "url": "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58014-6269@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58015", "url": "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58015-f72e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58016", "url": "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58016-115b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58017", "url": "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58017-fb48@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58018", "url": "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58018-605c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58019", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2024-58019-64da@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58020", "url": "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2024-58020-a097@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-58021", "url": "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2024-58021-0769@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21705", "url": "https://lore.kernel.org/linux-cve-announce/2025022642-CVE-2025-21705-c7e5@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21706", "url": "https://lore.kernel.org/linux-cve-announce/2025022642-CVE-2025-21706-f5bd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21707", "url": "https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2025-21707-2961@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21708", "url": "https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2025-21708-77ac@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21709", "url": "https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2025-21709-e967@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21710", "url": "https://lore.kernel.org/linux-cve-announce/2025022644-CVE-2025-21710-5e28@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21711", "url": "https://lore.kernel.org/linux-cve-announce/2025022644-CVE-2025-21711-9e79@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21712", "url": "https://lore.kernel.org/linux-cve-announce/2025022644-CVE-2025-21712-8345@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21713", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022645-CVE-2025-21713-4c72@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21714", "url": "https://lore.kernel.org/linux-cve-announce/2025022645-CVE-2025-21714-8169@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21715", "url": "https://lore.kernel.org/linux-cve-announce/2025022645-CVE-2025-21715-2837@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21716", "url": "https://lore.kernel.org/linux-cve-announce/2025022646-CVE-2025-21716-3afa@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21717", "url": "https://lore.kernel.org/linux-cve-announce/2025022646-CVE-2025-21717-3893@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21718", "url": "https://lore.kernel.org/linux-cve-announce/2025022646-CVE-2025-21718-d976@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21719", "url": "https://lore.kernel.org/linux-cve-announce/2025022646-CVE-2025-21719-dbee@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21720", "url": "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21720-063a@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21721", "url": "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21721-28d2@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21722", "url": "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21722-5415@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21723", "url": "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21723-9f05@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21724", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21724-f4b1@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21725", "url": "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21725-3a4d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21726", "url": "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21726-73b1@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21727", "url": "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21727-b034@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21728", "url": "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21728-5da4@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21729", "url": "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21729-24e3@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21730", "url": "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21730-5bfb@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21731", "url": "https://lore.kernel.org/linux-cve-announce/2025022649-CVE-2025-21731-c18b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21732", "url": "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21732-e800@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21733", "url": "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21733-f0b8@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21734", "url": "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21734-ac40@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21735", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21735-259b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21736", "url": "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21736-6d94@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21737", "url": "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21737-db6e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21738", "url": "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21738-f502@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21739", "url": "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21739-5578@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21740", "url": "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21740-083e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21741", "url": "https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21741-cbfd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21742", "url": "https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21742-7d50@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21743", "url": "https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21743-c67f@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21744", "url": "https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21744-2585@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21745", "url": "https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21745-19ee@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21746", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022600-CVE-2025-21746-380d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21747", "url": "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21747-a514@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21748", "url": "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21748-c980@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21749", "url": "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21749-cd11@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21750", "url": "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21750-d10d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21751", "url": "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21752", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21752-5815@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21753", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21753-91bd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21754", "url": "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21754-9daa@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21755", "url": "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2025-21755-5887@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21756", "url": "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2025-21756-5e09@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21757", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2025-21757-912a@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21758", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21758-9f8c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21759", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21759-ad7c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21760", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21760-fb9d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21761", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21761-218b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21762", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21762-8b8d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21763", "url": "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21763-dcff@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21764", "url": "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21764-1061@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21765", "url": "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21765-4d5e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21766", "url": "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21766-a004@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21767", "url": "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21767-4c7f@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21768", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21768-512b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21769", "url": "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21769-c349@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21770", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21770-d7e0@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21771", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21771-6032@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21772", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21772-5ec0@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21773", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21773-2ee7@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21774", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21774-26d5@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21775", "url": "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21775-3137@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21776", "url": "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21776-5581@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21777", "url": "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21777-0c96@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21778", "url": "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21778-9ae4@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21779", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21779-f239@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21780", "url": "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21780-8283@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21781", "url": "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21781-7324@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21782", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21782-9d97@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21783", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21783-2714@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21784", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21784-cd4e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21785", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21785-184c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21786", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21786-f31d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21787", "url": "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21787-c4f2@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21788", "url": "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21788-2619@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21789", "url": "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21789-9691@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21790", "url": 
"https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21790-af3e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21791", "url": "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21791-6074@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21792", "url": "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21792-d8e8@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21793", "url": "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21793-2c1e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21794", "url": "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2025-21794-ddde@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21795", "url": "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2025-21795-785d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21796", "url": "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2025-21796-0133@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-21797", "url": "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2025-21797-04ee@gregkh/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:2474 vom 2025-03-10", "url": "https://access.redhat.com/errata/RHSA-2025:2474" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-2473 vom 2025-03-11", "url": "https://linux.oracle.com/errata/ELSA-2025-2473.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0834-1 vom 2025-03-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020497.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:2710 vom 2025-03-20", "url": "https://access.redhat.com/errata/RHSA-2025:2710" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:0983-1 vom 2025-03-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020579.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3128 vom 2025-03-25", "url": "https://access.redhat.com/errata/RHSA-2025:3128" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3127 vom 2025-03-25", "url": "https://access.redhat.com/errata/RHSA-2025:3127" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3208 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3208" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3212 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3212" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3214 vom 2025-03-26", "url": 
"https://access.redhat.com/errata/RHSA-2025:3214" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3213 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3213" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3207 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3207" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3211 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3211" }, { "category": "external", "summary": "Red Hat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2025:3216" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3209 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3209" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-3208 vom 2025-03-27", "url": "https://linux.oracle.com/errata/ELSA-2025-3208.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3264 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3264" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:3260 vom 2025-03-26", "url": "https://access.redhat.com/errata/RHSA-2025:3260" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1027-1 vom 2025-03-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020612.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-3260 vom 2025-03-27", "url": "https://linux.oracle.com/errata/ELSA-2025-3260.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-4102 vom 2025-04-01", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-069 vom 2025-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-069.html" }, { "category": 
"external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-097 vom 2025-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-097.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1176-1 vom 2025-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020671.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1183-1 vom 2025-04-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020678.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1195-1 vom 2025-04-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020680.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1194-1 vom 2025-04-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020681.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5900 vom 2025-04-12", "url": "https://lists.debian.org/debian-security-announce/2025/msg00062.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1241-1 vom 2025-04-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020694.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1263-1 vom 2025-04-15", "url": 
"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Q4U3LRNKLFTX56NC6NKHFDU35E5WDD75/" }, { "category": "external", "summary": "Container-Optimized OS release notes vom 2025-04-16", "url": "https://cloud.google.com/container-optimized-os/docs/release-notes#April_14_2025" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1293-1 vom 2025-04-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020712.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-2826 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2826.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-218 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-218.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-220 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-220.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-088 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-088.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-215 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-215.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-219 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-219.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-214 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-214.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-211 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-211.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory 
ALASLIVEPATCH-2025-212 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-212.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-213 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-213.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-217 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-217.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-216 vom 2025-04-16", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-216.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-1970 vom 2025-04-17", "url": "https://alas.aws.amazon.com/ALAS-2025-1970.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7445-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7445-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7452-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7452-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7449-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7449-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7451-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7451-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7448-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7448-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7450-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7450-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7453-1 vom 2025-04-23", "url": "https://ubuntu.com/security/notices/USN-7453-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7455-1 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7455-1" }, 
{ "category": "external", "summary": "Ubuntu Security Notice USN-7455-2 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7455-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7459-1 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7459-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7460-1 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7460-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7449-2 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7449-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7455-3 vom 2025-04-24", "url": "https://ubuntu.com/security/notices/USN-7455-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7455-4 vom 2025-04-25", "url": "https://ubuntu.com/security/notices/USN-7455-4" }, { "category": "external", "summary": "IBM Security Bulletin 7231915 vom 2025-04-26", "url": "https://www.ibm.com/support/pages/node/7231915" }, { "category": "external", "summary": "PoC CVE-2025-21756 vom 2025-04-28", "url": "https://github.com/hoefler02/CVE-2025-21756" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7459-2 vom 2025-04-28", "url": "https://ubuntu.com/security/notices/USN-7459-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7468-1 vom 2025-04-28", "url": "https://ubuntu.com/security/notices/USN-7468-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7455-5 vom 2025-04-29", "url": "https://ubuntu.com/security/notices/USN-7455-5" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-225 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-225.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-228 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-228.html" }, { "category": "external", 
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-227 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-227.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-226 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-226.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-224 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-224.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-100 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-100.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-090 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-090.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-070 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-070.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-098 vom 2025-04-29", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-098.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7475-1 vom 2025-05-02", "url": "https://ubuntu.com/security/notices/USN-7475-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7423 vom 2025-05-13", "url": "https://access.redhat.com/errata/RHSA-2025:7423" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7652 vom 2025-05-15", "url": "https://access.redhat.com/errata/RHSA-2025:7652" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7682 vom 2025-05-16", "url": "https://access.redhat.com/errata/RHSA-2025:7682" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7676 vom 2025-05-15", "url": 
"https://access.redhat.com/errata/RHSA-2025:7676" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7683 vom 2025-05-16", "url": "https://access.redhat.com/errata/RHSA-2025:7683" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1574-1 vom 2025-05-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020835.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-1 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7510-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7903 vom 2025-05-19", "url": "https://access.redhat.com/errata/RHSA-2025:7903" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-1 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7516-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7897 vom 2025-05-19", "url": "https://access.redhat.com/errata/RHSA-2025:7897" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7901 vom 2025-05-19", "url": "https://access.redhat.com/errata/RHSA-2025:7901" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:1573-1 vom 2025-05-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020836.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7896 vom 2025-05-19", "url": "https://access.redhat.com/errata/RHSA-2025:7896" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:7902 vom 2025-05-19", "url": "https://access.redhat.com/errata/RHSA-2025:7902" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7511-1 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7511-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-2 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7511-2" }, { "category": "external", "summary": "Ubuntu 
Security Notice USN-7512-1 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7512-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-2 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7510-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7517-1 vom 2025-05-16", "url": "https://ubuntu.com/security/notices/USN-7517-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7518-1 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7518-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-3 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7516-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01600-1 vom 2025-05-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020854.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-3 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7510-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7523-1 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7523-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8057 vom 2025-05-21", "url": "https://access.redhat.com/errata/RHSA-2025:8057" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8056 vom 2025-05-21", "url": "https://access.redhat.com/errata/RHSA-2025:8056" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-4 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7510-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7511-3 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7511-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-5 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7510-5" }, { "category": "external", "summary": "Ubuntu Security Notice 
USN-7521-1 vom 2025-05-20", "url": "https://ubuntu.com/security/notices/USN-7521-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8058 vom 2025-05-21", "url": "https://access.redhat.com/errata/RHSA-2025:8058" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01620-1 vom 2025-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020867.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01627-1 vom 2025-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020866.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-4 vom 2025-05-21", "url": "https://ubuntu.com/security/notices/USN-7516-4" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-8056 vom 2025-05-22", "url": "https://linux.oracle.com/errata/ELSA-2025-8056.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01633-1 vom 2025-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020864.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7517-2 vom 2025-05-21", "url": "https://ubuntu.com/security/notices/USN-7517-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01640-1 vom 2025-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020861.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7521-2 vom 2025-05-22", "url": "https://ubuntu.com/security/notices/USN-7521-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-5 vom 2025-05-23", "url": "https://ubuntu.com/security/notices/USN-7516-5" }, { "category": "external", "summary": "Oracle Linux Security Advisory 
ELSA-2025-7423 vom 2025-05-23", "url": "https://linux.oracle.com/errata/ELSA-2025-7423.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-7903 vom 2025-05-23", "url": "https://linux.oracle.com/errata/ELSA-2025-7903.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8137 vom 2025-05-26", "url": "https://access.redhat.com/errata/RHSA-2025:8137" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-6 vom 2025-05-26", "url": "https://ubuntu.com/security/notices/USN-7516-6" }, { "category": "external", "summary": "Debian Security Advisory DLA-4178 vom 2025-05-26", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7517-3 vom 2025-05-26", "url": "https://ubuntu.com/security/notices/USN-7517-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7524-1 vom 2025-05-26", "url": "https://ubuntu.com/security/notices/USN-7524-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-6 vom 2025-05-27", "url": "https://ubuntu.com/security/notices/USN-7510-6" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8248 vom 2025-05-28", "url": "https://access.redhat.com/errata/RHSA-2025:8248" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28", "url": "https://ubuntu.com/security/notices/USN-7539-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-7 vom 2025-05-28", "url": "https://ubuntu.com/security/notices/USN-7510-7" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28", "url": "https://ubuntu.com/security/notices/USN-7540-1" }, { "category": "external", "summary": 
"Ubuntu Security Notice USN-7521-3 vom 2025-05-28", "url": "https://ubuntu.com/security/notices/USN-7521-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7510-8 vom 2025-05-29", "url": "https://ubuntu.com/security/notices/USN-7510-8" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-7 vom 2025-05-29", "url": "https://ubuntu.com/security/notices/USN-7516-7" }, { "category": "external", "summary": "Debian Security Advisory DLA-4193 vom 2025-05-30", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20343-1 vom 2025-05-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020965.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-9 vom 2025-05-29", "url": "https://ubuntu.com/security/notices/USN-7516-9" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20344-1 vom 2025-05-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020964.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7516-8 vom 2025-05-29", "url": "https://ubuntu.com/security/notices/USN-7516-8" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-2865 vom 2025-05-29", "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2865.html" }, { "category": "external", "summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30", "url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8345 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8345" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8347 
vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8347" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8346 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8346" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8342 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8342" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8344 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8344" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8333 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8333" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8343 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8343" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:8348 vom 2025-06-02", "url": "https://access.redhat.com/errata/RHSA-2025:8348" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20355-1 vom 2025-06-02", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021015.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20354-1 vom 2025-06-02", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021016.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-8333 vom 2025-06-03", "url": "https://linux.oracle.com/errata/ELSA-2025-8333.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20283-1 vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021049.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20270-1 
vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20206-1 vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021137.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01844-1 vom 2025-06-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021438.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01843-1 vom 2025-06-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021432.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01839-1 vom 2025-06-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021433.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01840-1 vom 2025-06-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021434.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2025-1983 vom 2025-06-10", "url": "https://alas.aws.amazon.com/ALAS-2025-1983.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01849-1 vom 2025-06-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021443.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01853-1 vom 2025-06-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021441.html" }, { "category": "external", "summary": "SUSE Security Update 
SUSE-SU-2025:01851-1 vom 2025-06-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021442.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01869-1 vom 2025-06-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021449.html" }, { "category": "external", "summary": "Siemens Security Advisory SSA-082556 vom 2025-06-10", "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01868-1 vom 2025-06-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021447.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01875-1 vom 2025-06-11", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MS3XXVHXB3HEZP3HNHCCJLMN3IGQ7UNZ/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01873-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021451.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01892-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021465.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01901-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021471.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01893-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021468.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01894-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021467.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01899-1 vom 2025-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021466.html" 
}, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01908-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021473.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01907-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021474.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01906-1 vom 2025-06-12", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/555WAYKDPARZFWYJBA7IPHKL7OLUGFCD/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01927-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021493.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20381-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021488.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01929-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021498.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01930-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021497.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20387-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021482.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01928-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021499.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20388-1 vom 2025-06-12", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-June/021481.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01922-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021479.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20386-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021483.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20382-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021487.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20383-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021486.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20389-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021480.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20384-1 vom 2025-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021485.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01935-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021500.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01932-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021501.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01950-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021510.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01944-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021505.html" }, { "category": "external", "summary": "SUSE Security Update 
SUSE-SU-2025:01958-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021516.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01957-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021517.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01948-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021512.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01949-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021511.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01956-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021518.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20402-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021520.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20401-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021521.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20400-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021522.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20399-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021523.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20398-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021524.html" }, { "category": 
"external", "summary": "SUSE Security Update SUSE-SU-2025:20397-1 vom 2025-06-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021525.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9079 vom 2025-06-16", "url": "https://access.redhat.com/errata/RHSA-2025:9079" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01972-1 vom 2025-06-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021537.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html" }, { 
"category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7593-1 vom 2025-06-24", "url": "https://ubuntu.com/security/notices/USN-7593-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9497 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9497" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9492 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9492" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9493 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9493" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9494 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9494" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9490 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9490" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9498 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9498" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9491 vom 2025-06-24", "url": "https://access.redhat.com/errata/RHSA-2025:9491" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9581 vom 2025-06-25", "url": "https://access.redhat.com/errata/RHSA-2025:9581" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9580 vom 2025-06-25", "url": "https://access.redhat.com/errata/RHSA-2025:9580" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:9584 vom 2025-06-25", "url": "https://access.redhat.com/errata/RHSA-2025:9584" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-9580 vom 2025-06-26", "url": 
"https://linux.oracle.com/errata/ELSA-2025-9580.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7602-1 vom 2025-06-26", "url": "https://ubuntu.com/security/notices/USN-7602-1" }, { "category": "external", "summary": "SEM 2025.2.1 release notes vom 2025-07-02", "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2025-2-1_release_notes.htm" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:10211 vom 2025-07-02", "url": "https://access.redhat.com/errata/RHSA-2025:10211" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-9079 vom 2025-07-04", "url": "https://linux.oracle.com/errata/ELSA-2025-9079.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-8137 vom 2025-07-04", "url": "https://linux.oracle.com/errata/ELSA-2025-8137.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:10371 vom 2025-07-07", "url": "https://access.redhat.com/errata/RHSA-2025:10371" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:10379 vom 2025-07-07", "url": "https://access.redhat.com/errata/RHSA-2025:10379" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-10371 vom 2025-07-08", "url": "https://linux.oracle.com/errata/ELSA-2025-10371.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08", "url": "https://linux.oracle.com/errata/ELSA-2025-20406.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02249-1 vom 2025-07-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021766.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-10379 vom 2025-07-08", "url": "https://linux.oracle.com/errata/ELSA-2025-10379.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02254-1 vom 2025-07-08", 
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021770.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02264-1 vom 2025-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021785.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-082 vom 2025-07-10", "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-082.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:10830 vom 2025-07-14", "url": "https://access.redhat.com/errata/RHSA-2025:10830" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:10829 vom 2025-07-14", "url": "https://access.redhat.com/errata/RHSA-2025:10829" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02307-1 vom 2025-07-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021804.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02321-1 vom 2025-07-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021811.html" }, { "category": "external", "summary": "Red Hat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2025:11299" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02322-1 vom 2025-07-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021810.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:11298 vom 2025-07-16", "url": "https://access.redhat.com/errata/RHSA-2025:11298" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:11245 vom 2025-07-16", "url": "https://access.redhat.com/errata/RHSA-2025:11245" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20470 vom 2025-07-16", "url": "https://linux.oracle.com/errata/ELSA-2025-20470.html" }, { "category": "external", "summary": "SUSE Security Update 
SUSE-SU-2025:02335-1 vom 2025-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021828.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02333-1 vom 2025-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021830.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-11298 vom 2025-07-17", "url": "https://linux.oracle.com/errata/ELSA-2025-11298.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02334-1 vom 2025-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021829.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7640-1 vom 2025-07-16", "url": "https://ubuntu.com/security/notices/USN-7640-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17", "url": "https://ubuntu.com/security/notices/USN-7653-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7652-1 vom 2025-07-17", "url": "https://ubuntu.com/security/notices/USN-7652-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7651-1 vom 2025-07-17", "url": "https://ubuntu.com/security/notices/USN-7651-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7654-1 vom 2025-07-18", "url": "https://ubuntu.com/security/notices/USN-7654-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7654-2 vom 2025-07-18", "url": "https://ubuntu.com/security/notices/USN-7654-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7654-3 vom 2025-07-18", "url": "https://ubuntu.com/security/notices/USN-7654-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7655-1 vom 2025-07-18", "url": "https://ubuntu.com/security/notices/USN-7655-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7651-2 vom 2025-07-18", "url": "https://ubuntu.com/security/notices/USN-7651-2" }, { 
"category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20480 vom 2025-07-18", "url": "https://linux.oracle.com/errata/ELSA-2025-20480.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:11411 vom 2025-07-21", "url": "https://access.redhat.com/errata/RHSA-2025:11411" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02387-1 vom 2025-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021861.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02385-1 vom 2025-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021862.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02388-1 vom 2025-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021860.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02390-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021881.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02402-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021875.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02412-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021866.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02405-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021868.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02410-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7JYI4RKW2E7EB4ZJ6UB45TTF2H6PEYR/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:11428 vom 2025-07-21", "url": 
"https://access.redhat.com/errata/RHSA-2025:11428" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02399-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/76DMKQMABVDV4KDJA6FQ7PDOF7RSG4ZQ/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02400-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFZK6V3WCARPDN2N3X7GFGJTK7UFSP6T/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02413-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021865.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02401-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C2CTS27REDRGOT26DT2AKNCWHEMLXFPV/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02389-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021882.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02398-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZIQSMDCERQHP4JSQ3YSIO5TMBD637EV/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02393-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/536XR3DQAUU4EJXWQKQRE6QHNW7W4M5C/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02411-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEKG43SVEEUNQXJBCRXWGSWJ6NQ36NUC/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02392-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021879.html" }, { "category": 
"external", "summary": "SUSE Security Update SUSE-SU-2025:02394-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021878.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02396-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021876.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02391-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021880.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02403-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXLF63OLKSA5LWF3BYMVRASA55GHVYJY/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02433-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021883.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02420-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021886.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02428-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021889.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02418-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021888.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02451-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22P3K2RHZ424E6JGDSKSXUABXRESY6GY/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02416-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021890.html" }, { "category": "external", "summary": "SUSE Security Update 
SUSE-SU-2025:02415-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021891.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02446-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYAKCPI3CQKIWHWVXLDBJMK5CDOB5VRS/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02436-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JOC4XFCSYMATM6FYIQWRDFK5AQF4P2LT/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02434-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HM6XIBRQQ4DT55UN4XNTKFRWGXRY73A5/" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-11411 vom 2025-07-22", "url": "https://linux.oracle.com/errata/ELSA-2025-11411.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02454-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7NNLH3GVII5RPJKDTSNRRAF2IHEZBWAO/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02444-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAPR5ITSSKHG4EAWNWSLSEMDSVTCH3CA/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02438-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C4GMDP2SNO4HPRFRHQVRBAS7WAZ5PYIZ/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02449-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOIECZ42HAJGKZ7TVGI4LLLNAG27ZF7L/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20483-1 vom 2025-07-21", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-July/021917.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02442-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7BWN4GTGQU33LC3C2LNMXQT72KBQAYTF/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20475-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021919.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02422-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021884.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02421-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021885.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02419-1 vom 2025-07-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021887.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02445-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WYJ3O67PBJST6GKMJJXDEBLGGDV5KJKJ/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02440-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ON72ZMOEO6E3K3KZFRVFHX5LUYA6RAXJ/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02437-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CCEZBA2U7C5F2MCQC3AIBIKAHNQBPFOI/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02455-1 vom 2025-07-21", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2GXZ2EL5OVKMNFWDPFV7NT367YYOFZO/" }, { "category": "external", "summary": 
"Ubuntu Security Notice USN-7651-3 vom 2025-07-22", "url": "https://ubuntu.com/security/notices/USN-7651-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02459-1 vom 2025-07-22", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CNBGONL5CBCKJ2ZQN6XVJFDFNJMHMLDW/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7654-4 vom 2025-07-22", "url": "https://ubuntu.com/security/notices/USN-7654-4" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-11428 vom 2025-07-23", "url": "https://linux.oracle.com/errata/ELSA-2025-11428.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7651-4 vom 2025-07-22", "url": "https://ubuntu.com/security/notices/USN-7651-4" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02468-1 vom 2025-07-22", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H7LXLV4ZFW2U2LQ7EL4MR5BCEPMCAILY/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7651-5 vom 2025-07-24", "url": "https://ubuntu.com/security/notices/USN-7651-5" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02507-1 vom 2025-07-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021949.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7651-6 vom 2025-07-24", "url": "https://ubuntu.com/security/notices/USN-7651-6" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20493-1 vom 2025-07-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021967.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20498-1 vom 2025-07-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021965.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:11861 vom 2025-07-28", "url": 
"https://access.redhat.com/errata/RHSA-2025:11861" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02537-1 vom 2025-07-28", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021978.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02538-1 vom 2025-07-28", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021981.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7654-5 vom 2025-07-29", "url": "https://ubuntu.com/security/notices/USN-7654-5" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-11861 vom 2025-07-30", "url": "https://linux.oracle.com/errata/ELSA-2025-11861.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12209 vom 2025-07-29", "url": "https://access.redhat.com/errata/RHSA-2025:12209" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12311 vom 2025-07-30", "url": "https://access.redhat.com/errata/RHSA-2025:12311" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12525 vom 2025-08-04", "url": "https://access.redhat.com/errata/RHSA-2025:12525" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20526-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022026.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20527-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022025.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20518-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022033.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20520-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022031.html" }, { "category": "external", "summary": 
"SUSE Security Update SUSE-SU-2025:20528-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022024.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20525-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022027.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12662 vom 2025-08-04", "url": "https://access.redhat.com/errata/RHSA-2025:12662" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20517-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022034.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20519-1 vom 2025-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022032.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12746 vom 2025-08-04", "url": "https://access.redhat.com/errata/RHSA-2025:12746" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-098 vom 2025-08-05", "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-098.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:12526 vom 2025-08-05", "url": "https://access.redhat.com/errata/RHSA-2025:12526" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13061 vom 2025-08-05", "url": "https://access.redhat.com/errata/RHSA-2025:13061" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13135 vom 2025-08-06", "url": "https://access.redhat.com/errata/RHSA-2025:13135" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20545-1 vom 2025-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022099.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20541-1 vom 2025-08-05", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-August/022103.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20540-1 vom 2025-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022104.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13120 vom 2025-08-06", "url": "https://access.redhat.com/errata/RHSA-2025:13120" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20542-1 vom 2025-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022102.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20546-1 vom 2025-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022098.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13029 vom 2025-08-05", "url": "https://access.redhat.com/errata/RHSA-2025:13029" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05", "url": "https://ubuntu.com/security/notices/USN-7686-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:20544-1 vom 2025-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022100.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13030 vom 2025-08-05", "url": "https://access.redhat.com/errata/RHSA-2025:13030" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-12746 vom 2025-08-06", "url": "https://linux.oracle.com/errata/ELSA-2025-12746.html" }, { "category": "external", "summary": "IBM Security Bulletin 7241589 vom 2025-08-06", "url": "https://www.ibm.com/support/pages/node/7241589" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13590 vom 2025-08-11", "url": "https://access.redhat.com/errata/RHSA-2025:13590" }, { "category": "external", "summary": "Red Hat Security Advisory 
RHSA-2025:13589 vom 2025-08-11", "url": "https://access.redhat.com/errata/RHSA-2025:13589" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20520 vom 2025-08-11", "url": "https://linux.oracle.com/errata/ELSA-2025-20520.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-12662 vom 2025-08-11", "url": "https://linux.oracle.com/errata/ELSA-2025-12662.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13633 vom 2025-08-11", "url": "https://access.redhat.com/errata/RHSA-2025:13633" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-13589 vom 2025-08-12", "url": "https://linux.oracle.com/errata/ELSA-2025-13589.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13776 vom 2025-08-13", "url": "https://access.redhat.com/errata/RHSA-2025:13776" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:13781 vom 2025-08-13", "url": "https://access.redhat.com/errata/RHSA-2025:13781" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14054 vom 2025-08-19", "url": "https://access.redhat.com/errata/RHSA-2025:14054" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02846-1 vom 2025-08-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022192.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14094 vom 2025-08-19", "url": "https://access.redhat.com/errata/RHSA-2025:14094" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7703-1 vom 2025-08-20", "url": "https://ubuntu.com/security/notices/USN-7703-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14136 vom 2025-08-20", "url": "https://access.redhat.com/errata/RHSA-2025:14136" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:02923-1 vom 2025-08-20", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-August/022237.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7703-2 vom 2025-08-20", "url": "https://ubuntu.com/security/notices/USN-7703-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7703-3 vom 2025-08-21", "url": "https://ubuntu.com/security/notices/USN-7703-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7712-1 vom 2025-08-22", "url": "https://ubuntu.com/security/notices/USN-7712-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7711-1 vom 2025-08-22", "url": "https://ubuntu.com/security/notices/USN-7711-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7719-1 vom 2025-08-26", "url": "https://ubuntu.com/security/notices/USN-7719-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14748 vom 2025-08-27", "url": "https://access.redhat.com/errata/RHSA-2025:14748" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14746 vom 2025-08-27", "url": "https://access.redhat.com/errata/RHSA-2025:14746" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7703-4 vom 2025-08-28", "url": "https://ubuntu.com/security/notices/USN-7703-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7727-1 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7727-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7727-2 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7727-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7726-3 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7726-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7726-2 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7726-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7726-1 vom 2025-08-29", "url": 
"https://ubuntu.com/security/notices/USN-7726-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7725-1 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7725-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7725-2 vom 2025-08-29", "url": "https://ubuntu.com/security/notices/USN-7725-2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:14985 vom 2025-09-02", "url": "https://access.redhat.com/errata/RHSA-2025:14985" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:15035 vom 2025-09-02", "url": "https://access.redhat.com/errata/RHSA-2025:15035" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7712-2 vom 2025-09-02", "url": "https://ubuntu.com/security/notices/USN-7712-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7725-3 vom 2025-09-02", "url": "https://ubuntu.com/security/notices/USN-7725-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7726-4 vom 2025-09-02", "url": "https://ubuntu.com/security/notices/USN-7726-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7727-3 vom 2025-09-02", "url": "https://ubuntu.com/security/notices/USN-7727-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7737-1 vom 2025-09-03", "url": "https://ubuntu.com/security/notices/USN-7737-1" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20551 vom 2025-09-09", "url": "https://linux.oracle.com/errata/ELSA-2025-20551.html" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2025:13590 vom 2025-09-08", "url": "https://errata.build.resf.org/RLSA-2025:13590" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-20553 vom 2025-09-10", "url": "https://linux.oracle.com/errata/ELSA-2025-20553.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:15656 vom 2025-09-10", 
"url": "https://access.redhat.com/errata/RHSA-2025:15656" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:15660 vom 2025-09-11", "url": "https://access.redhat.com/errata/RHSA-2025:15660" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7754-2 vom 2025-09-17", "url": "https://ubuntu.com/security/notices/USN-7754-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7754-1 vom 2025-09-17", "url": "https://ubuntu.com/security/notices/USN-7754-1" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-109 vom 2025-09-16", "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-109.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7755-2 vom 2025-09-17", "url": "https://ubuntu.com/security/notices/USN-7755-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7755-1 vom 2025-09-17", "url": "https://ubuntu.com/security/notices/USN-7755-1" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-14987 vom 2025-09-18", "url": "https://linux.oracle.com/errata/ELSA-2025-14987.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-14748 vom 2025-09-18", "url": "https://linux.oracle.com/errata/ELSA-2025-14748.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7726-5 vom 2025-09-18", "url": "https://ubuntu.com/security/notices/USN-7726-5" }, { "category": "external", "summary": "Debian Security Advisory DSA-6008 vom 2025-09-23", "url": "https://lists.debian.org/debian-security-announce/2025/msg00172.html" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-09-22T22:00:00.000+00:00", "generator": { "date": "2025-09-23T04:56:31.748+00:00", "engine": { "name": "BSI-WID", "version": "1.4.0" } }, "id": "WID-SEC-W-2025-0453", "initial_release_date": "2025-02-26T23:00:00.000+00:00", 
"revision_history": [ { "date": "2025-02-26T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-03-09T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-03-10T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2025-03-11T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-03-12T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-03-13T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-03-19T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat und SUSE aufgenommen" }, { "date": "2025-03-23T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-03-24T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-03-25T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-03-26T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Oracle Linux, Red Hat und SUSE aufgenommen" }, { "date": "2025-03-31T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2025-04-01T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-04-08T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-04-09T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-04-10T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-04-13T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2025-04-14T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von 
SUSE aufgenommen" }, { "date": "2025-04-15T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-04-16T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-04-21T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-04-22T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-04-23T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-04-24T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-04-27T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2025-04-28T22:00:00.000+00:00", "number": "26", "summary": "PoC f\u00fcr CVE-2025-21756 aufgenommen" }, { "date": "2025-04-29T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2025-05-01T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-05-13T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-05-14T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-05-15T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-05-18T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von SUSE, Ubuntu und Red Hat aufgenommen" }, { "date": "2025-05-19T22:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-05-20T22:00:00.000+00:00", "number": "34", "summary": "Neue Updates von Ubuntu, SUSE und Red Hat aufgenommen" }, { "date": "2025-05-21T22:00:00.000+00:00", "number": "35", "summary": "Neue Updates von SUSE, Ubuntu und Oracle Linux aufgenommen" }, { "date": 
"2025-05-22T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen" }, { "date": "2025-05-25T22:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-05-26T22:00:00.000+00:00", "number": "38", "summary": "Neue Updates von Ubuntu, Debian und SUSE aufgenommen" }, { "date": "2025-05-27T22:00:00.000+00:00", "number": "39", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": "2025-05-29T22:00:00.000+00:00", "number": "40", "summary": "Neue Updates von Ubuntu, Debian, SUSE und Amazon aufgenommen" }, { "date": "2025-06-01T22:00:00.000+00:00", "number": "41", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-06-02T22:00:00.000+00:00", "number": "42", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-03T22:00:00.000+00:00", "number": "43", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2025-06-09T22:00:00.000+00:00", "number": "44", "summary": "Neue Updates von SUSE und Amazon aufgenommen" }, { "date": "2025-06-10T22:00:00.000+00:00", "number": "45", "summary": "Neue Updates von SUSE und Siemens aufgenommen" }, { "date": "2025-06-11T22:00:00.000+00:00", "number": "46", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-12T22:00:00.000+00:00", "number": "47", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-15T22:00:00.000+00:00", "number": "48", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-16T22:00:00.000+00:00", "number": "49", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-17T22:00:00.000+00:00", "number": "50", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-19T22:00:00.000+00:00", "number": "51", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-23T22:00:00.000+00:00", "number": "52", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": 
"2025-06-24T22:00:00.000+00:00", "number": "53", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-06-25T22:00:00.000+00:00", "number": "54", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2025-06-26T22:00:00.000+00:00", "number": "55", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-07-01T22:00:00.000+00:00", "number": "56", "summary": "Neue Updates aufgenommen" }, { "date": "2025-07-03T22:00:00.000+00:00", "number": "57", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2025-07-06T22:00:00.000+00:00", "number": "58", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-07-07T22:00:00.000+00:00", "number": "59", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2025-07-08T22:00:00.000+00:00", "number": "60", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2025-07-10T22:00:00.000+00:00", "number": "61", "summary": "Neue Updates von SUSE und Amazon aufgenommen" }, { "date": "2025-07-13T22:00:00.000+00:00", "number": "62", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-07-14T22:00:00.000+00:00", "number": "63", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-07-15T22:00:00.000+00:00", "number": "64", "summary": "Neue Updates von SUSE und Red Hat aufgenommen" }, { "date": "2025-07-16T22:00:00.000+00:00", "number": "65", "summary": "Neue Updates von SUSE und Oracle Linux aufgenommen" }, { "date": "2025-07-17T22:00:00.000+00:00", "number": "66", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-07-20T22:00:00.000+00:00", "number": "67", "summary": "Neue Updates von Oracle Linux, Red Hat und SUSE aufgenommen" }, { "date": "2025-07-21T22:00:00.000+00:00", "number": "68", "summary": "Neue Updates von SUSE und Oracle Linux aufgenommen" }, { "date": "2025-07-22T22:00:00.000+00:00", "number": "69", "summary": "Neue Updates von Oracle Linux, Ubuntu und SUSE 
aufgenommen" }, { "date": "2025-07-23T22:00:00.000+00:00", "number": "70", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-07-24T22:00:00.000+00:00", "number": "71", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-07-27T22:00:00.000+00:00", "number": "72", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-07-28T22:00:00.000+00:00", "number": "73", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-07-29T22:00:00.000+00:00", "number": "74", "summary": "Neue Updates von Ubuntu, Oracle Linux und Red Hat aufgenommen" }, { "date": "2025-07-30T22:00:00.000+00:00", "number": "75", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-07-31T22:00:00.000+00:00", "number": "76", "summary": "Referenz(en) aufgenommen:" }, { "date": "2025-08-03T22:00:00.000+00:00", "number": "77", "summary": "Neue Updates von Red Hat und SUSE aufgenommen" }, { "date": "2025-08-04T22:00:00.000+00:00", "number": "78", "summary": "Neue Updates von Red Hat und Amazon aufgenommen" }, { "date": "2025-08-05T22:00:00.000+00:00", "number": "79", "summary": "Neue Updates von Red Hat, SUSE und Ubuntu aufgenommen" }, { "date": "2025-08-06T22:00:00.000+00:00", "number": "80", "summary": "Neue Updates von Oracle Linux und IBM aufgenommen" }, { "date": "2025-08-10T22:00:00.000+00:00", "number": "81", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-08-11T22:00:00.000+00:00", "number": "82", "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date": "2025-08-12T22:00:00.000+00:00", "number": "83", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-08-18T22:00:00.000+00:00", "number": "84", "summary": "Neue Updates von Red Hat und SUSE aufgenommen" }, { "date": "2025-08-19T22:00:00.000+00:00", "number": "85", "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen" }, { "date": "2025-08-20T22:00:00.000+00:00", "number": "86", "summary": "Neue Updates von Ubuntu 
aufgenommen" }, { "date": "2025-08-21T22:00:00.000+00:00", "number": "87", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-08-24T22:00:00.000+00:00", "number": "88", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-08-26T22:00:00.000+00:00", "number": "89", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-08-27T22:00:00.000+00:00", "number": "90", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-08-28T22:00:00.000+00:00", "number": "91", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-09-01T22:00:00.000+00:00", "number": "92", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-09-02T22:00:00.000+00:00", "number": "93", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-09-03T22:00:00.000+00:00", "number": "94", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-09-08T22:00:00.000+00:00", "number": "95", "summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2025-09-09T22:00:00.000+00:00", "number": "96", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2025-09-10T22:00:00.000+00:00", "number": "97", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-09-16T22:00:00.000+00:00", "number": "98", "summary": "Neue Updates von Ubuntu und Amazon aufgenommen" }, { "date": "2025-09-17T22:00:00.000+00:00", "number": "99", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-09-18T22:00:00.000+00:00", "number": "100", "summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen" }, { "date": "2025-09-22T22:00:00.000+00:00", "number": "101", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "101" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", 
"product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Dell Avamar", "product": { "name": "Dell Avamar", "product_id": "T039664", "product_identification_helper": { "cpe": "cpe:/a:dell:avamar:-" } } }, { "category": "product_name", "name": "Dell NetWorker", "product": { "name": "Dell NetWorker", "product_id": "T034583", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:virtual" } } } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "Google Container-Optimized OS", "product": { "name": "Google Container-Optimized OS", "product_id": "1607324", "product_identification_helper": { "cpe": "cpe:/o:google:container-optimized_os:-" } } } ], "category": "vendor", "name": "Google" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c7.5.0 UP11 IF04", "product": { "name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF04", "product_id": "T043169" } }, { "category": "product_version", "name": "7.5.0 UP11 IF04", "product": { "name": "IBM QRadar SIEM 7.5.0 UP11 IF04", "product_id": "T043169-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if04" } } }, { "category": "product_version_range", "name": "\u003c7.5.0 UP13", "product": { "name": "IBM QRadar SIEM \u003c7.5.0 UP13", "product_id": "T045828" } }, { "category": "product_version", "name": "7.5.0 UP13", "product": { "name": "IBM QRadar SIEM 7.5.0 UP13", "product_id": "T045828-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up13" } } } ], "category": "product_name", "name": "QRadar SIEM" } ], "category": 
"vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T046484", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Container Platform \u003c4.14.49", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.49", "product_id": "T042010" } }, { "category": "product_version", "name": "Container Platform 4.14.49", "product": { "name": "Red Hat OpenShift Container Platform 4.14.49", "product_id": "T042010-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.49" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "1500 CPU", "product": { "name": "Siemens 
SIMATIC S7 1500 CPU", "product_id": "T025776", "product_identification_helper": { "cpe": "cpe:/h:siemens:simatic_s7:1500_cpu" } } } ], "category": "product_name", "name": "SIMATIC S7" } ], "category": "vendor", "name": "Siemens" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2025.2.1", "product": { "name": "SolarWinds Security Event Manager \u003c2025.2.1", "product_id": "T044986" } }, { "category": "product_version", "name": "2025.2.1", "product": { "name": "SolarWinds Security Event Manager 2025.2.1", "product_id": "T044986-fixed", "product_identification_helper": { "cpe": "cpe:/a:solarwinds:security_event_manager:2025.2.1" } } } ], "category": "product_name", "name": "Security Event Manager" } ], "category": "vendor", "name": "SolarWinds" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-49732", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2022-49732" }, { "cve": "CVE-2024-49570", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-49570" }, { "cve": "CVE-2024-52557", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-52557" }, { "cve": "CVE-2024-52559", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-52559" }, { "cve": "CVE-2024-52560", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-52560" }, { "cve": "CVE-2024-54456", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-54456" }, { "cve": "CVE-2024-54458", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-54458" }, { "cve": "CVE-2024-57834", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57834" }, { "cve": "CVE-2024-57852", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57852" }, { "cve": 
"CVE-2024-57953", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57953" }, { "cve": "CVE-2024-57973", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57973" }, { "cve": "CVE-2024-57974", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57974" }, { "cve": "CVE-2024-57975", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57975" }, { "cve": "CVE-2024-57976", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57976" }, { "cve": "CVE-2024-57977", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57977" }, { "cve": "CVE-2024-57978", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57978" }, { "cve": "CVE-2024-57979", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57979" }, { "cve": "CVE-2024-57980", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57980" }, { "cve": "CVE-2024-57981", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57981" }, { "cve": "CVE-2024-57982", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57982" }, { "cve": "CVE-2024-57983", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57983" }, { "cve": "CVE-2024-57984", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57984" }, { "cve": "CVE-2024-57985", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57985" }, { "cve": "CVE-2024-57986", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57986" }, { "cve": "CVE-2024-57987", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57987" }, { "cve": "CVE-2024-57988", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57988" }, { "cve": "CVE-2024-57989", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57989" }, { "cve": "CVE-2024-57990", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57990" }, { "cve": "CVE-2024-57991", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57991" }, { "cve": "CVE-2024-57992", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57992" }, { "cve": "CVE-2024-57993", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57993" }, { "cve": "CVE-2024-57994", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57994" }, { "cve": "CVE-2024-57995", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57995" }, { "cve": "CVE-2024-57996", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57996" }, { "cve": 
"CVE-2024-57997", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57997" }, { "cve": "CVE-2024-57998", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57998" }, { "cve": "CVE-2024-57999", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-57999" }, { "cve": "CVE-2024-58000", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58000" }, { "cve": "CVE-2024-58001", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58001" }, { "cve": "CVE-2024-58002", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58002" }, { "cve": "CVE-2024-58003", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58003" }, { "cve": "CVE-2024-58004", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58004" }, { "cve": "CVE-2024-58005", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58005" }, { "cve": "CVE-2024-58006", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58006" }, { "cve": "CVE-2024-58007", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58007" }, { "cve": "CVE-2024-58008", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58008" }, { "cve": "CVE-2024-58009", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58009" }, { "cve": "CVE-2024-58010", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58010" }, { "cve": "CVE-2024-58011", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58011" }, { "cve": "CVE-2024-58012", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58012" }, { "cve": "CVE-2024-58013", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58013" }, { "cve": "CVE-2024-58014", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58014" }, { "cve": "CVE-2024-58015", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58015" }, { "cve": "CVE-2024-58016", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58016" }, { "cve": "CVE-2024-58017", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58017" }, { "cve": "CVE-2024-58018", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58018" }, { "cve": "CVE-2024-58019", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58019" }, { "cve": "CVE-2024-58020", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58020" }, { "cve": "CVE-2024-58021", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2024-58021" }, { "cve": 
"CVE-2025-21705", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21705" }, { "cve": "CVE-2025-21706", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21706" }, { "cve": "CVE-2025-21707", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21707" }, { "cve": "CVE-2025-21708", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21708" }, { "cve": "CVE-2025-21709", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21709" }, { "cve": "CVE-2025-21710", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21710" }, { "cve": "CVE-2025-21711", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21711" }, { "cve": "CVE-2025-21712", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21712" }, { "cve": "CVE-2025-21713", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21713" }, { "cve": "CVE-2025-21714", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21714" }, { "cve": "CVE-2025-21715", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21715" }, { "cve": "CVE-2025-21716", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21716" }, { "cve": "CVE-2025-21717", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21717" }, { "cve": "CVE-2025-21718", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21718" }, { "cve": "CVE-2025-21719", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21719" }, { "cve": "CVE-2025-21720", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21720" }, { "cve": "CVE-2025-21721", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21721" }, { "cve": "CVE-2025-21722", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21722" }, { "cve": "CVE-2025-21723", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21723" }, { "cve": "CVE-2025-21724", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21724" }, { "cve": "CVE-2025-21725", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21725" }, { "cve": "CVE-2025-21726", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21726" }, { "cve": "CVE-2025-21727", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21727" }, { "cve": "CVE-2025-21728", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21728" }, { "cve": "CVE-2025-21729", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21729" }, { "cve": 
"CVE-2025-21730", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21730" }, { "cve": "CVE-2025-21731", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21731" }, { "cve": "CVE-2025-21732", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21732" }, { "cve": "CVE-2025-21733", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21733" }, { "cve": "CVE-2025-21734", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21734" }, { "cve": "CVE-2025-21735", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21735" }, { "cve": "CVE-2025-21736", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21736" }, { "cve": "CVE-2025-21737", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21737" }, { "cve": "CVE-2025-21738", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21738" }, { "cve": "CVE-2025-21739", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21739" }, { "cve": "CVE-2025-21740", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21740" }, { "cve": "CVE-2025-21741", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21741" }, { "cve": "CVE-2025-21742", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21742" }, { "cve": "CVE-2025-21743", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21743" }, { "cve": "CVE-2025-21744", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21744" }, { "cve": "CVE-2025-21745", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21745" }, { "cve": "CVE-2025-21746", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21746" }, { "cve": "CVE-2025-21747", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21747" }, { "cve": "CVE-2025-21748", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21748" }, { "cve": "CVE-2025-21749", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21749" }, { "cve": "CVE-2025-21750", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21750" }, { "cve": "CVE-2025-21751", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21751" }, { "cve": "CVE-2025-21752", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21752" }, { "cve": "CVE-2025-21753", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21753" }, { "cve": "CVE-2025-21754", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21754" }, { "cve": 
"CVE-2025-21755", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21755" }, { "cve": "CVE-2025-21756", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21756" }, { "cve": "CVE-2025-21757", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21757" }, { "cve": "CVE-2025-21758", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21758" }, { "cve": "CVE-2025-21759", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21759" }, { "cve": "CVE-2025-21760", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21760" }, { "cve": "CVE-2025-21761", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21761" }, { "cve": "CVE-2025-21762", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21762" }, { "cve": "CVE-2025-21763", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21763" }, { "cve": "CVE-2025-21764", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21764" }, { "cve": "CVE-2025-21765", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21765" }, { "cve": "CVE-2025-21766", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21766" }, { "cve": "CVE-2025-21767", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21767" }, { "cve": "CVE-2025-21768", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21768" }, { "cve": "CVE-2025-21769", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21769" }, { "cve": "CVE-2025-21770", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21770" }, { "cve": "CVE-2025-21771", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21771" }, { "cve": "CVE-2025-21772", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21772" }, { "cve": "CVE-2025-21773", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": 
"2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21773" }, { "cve": "CVE-2025-21774", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21774" }, { "cve": "CVE-2025-21775", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21775" }, { "cve": "CVE-2025-21776", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21776" }, { "cve": "CVE-2025-21777", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21777" }, { "cve": "CVE-2025-21778", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21778" }, { "cve": "CVE-2025-21779", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21779" }, { "cve": 
"CVE-2025-21780", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21780" }, { "cve": "CVE-2025-21781", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21781" }, { "cve": "CVE-2025-21782", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21782" }, { "cve": "CVE-2025-21783", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21783" }, { "cve": "CVE-2025-21784", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21784" }, { "cve": "CVE-2025-21785", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21785" }, { "cve": "CVE-2025-21786", "product_status": { "known_affected": [ "67646", "T034583", 
"T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21786" }, { "cve": "CVE-2025-21787", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21787" }, { "cve": "CVE-2025-21788", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21788" }, { "cve": "CVE-2025-21789", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21789" }, { "cve": "CVE-2025-21790", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21790" }, { "cve": "CVE-2025-21791", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21791" }, { "cve": "CVE-2025-21792", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", 
"T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21792" }, { "cve": "CVE-2025-21793", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21793" }, { "cve": "CVE-2025-21794", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21794" }, { "cve": "CVE-2025-21795", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21795" }, { "cve": "CVE-2025-21796", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21796" }, { "cve": "CVE-2025-21797", "product_status": { "known_affected": [ "67646", "T034583", "T045828", "T004914", "T032255", "T039664", "T043169", "T044986", "2951", "T002207", "T000126", "T046484", "398363", "T025776", "1607324", "T042010" ] }, "release_date": "2025-02-26T23:00:00.000+00:00", "title": "CVE-2025-21797" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.