Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38499 (GCVE-0-2025-38499)
Vulnerability from cvelistv5
Published
2025-08-11 16:01
Modified
2025-08-28 14:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
What we want is to verify there is that clone won't expose something
hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo"
may be a result of MNT_LOCKED on a child, but it may also come from
lacking admin rights in the userns of the namespace mount belongs to.
clone_private_mnt() checks the former, but not the latter.
There's a number of rather confusing CAP_SYS_ADMIN checks in various
userns during the mount, especially with the new mount API; they serve
different purposes and in case of clone_private_mnt() they usually,
but not always end up covering the missing check mentioned above.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: 427215d85e8d1476da1a86b8d67aceb485eb3631 Version: c6e8810d25295acb40a7b69ed3962ff181919571 Version: e3eee87c846dc47f6d8eb6d85e7271f24122a279 Version: 517b875dfbf58f0c6c9e32dc90f5cf42d71a42ce Version: 963d85d630dabe75a3cfde44a006fec3304d07b8 Version: 812f39ed5b0b7f34868736de3055c92c7c4cf459 Version: 6a002d48a66076524f67098132538bef17e8445e Version: 41812f4b84484530057513478c6770590347dc30 |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "36fecd740de2d542d2091d65d36554ee2bcf9c65",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"lessThan": "d717325b5ecf2a40daca85c61923e17f32306179",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"lessThan": "dc6a664089f10eab0fb36b6e4f705022210191d2",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"lessThan": "e77078e52fbf018ab986efb3c79065ab35025607",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"lessThan": "38628ae06e2a37770cd794802a3f1310cf9846e3",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"lessThan": "c28f922c9dcee0e4876a2c095939d77fe7e15116",
"status": "affected",
"version": "427215d85e8d1476da1a86b8d67aceb485eb3631",
"versionType": "git"
},
{
"status": "affected",
"version": "c6e8810d25295acb40a7b69ed3962ff181919571",
"versionType": "git"
},
{
"status": "affected",
"version": "e3eee87c846dc47f6d8eb6d85e7271f24122a279",
"versionType": "git"
},
{
"status": "affected",
"version": "517b875dfbf58f0c6c9e32dc90f5cf42d71a42ce",
"versionType": "git"
},
{
"status": "affected",
"version": "963d85d630dabe75a3cfde44a006fec3304d07b8",
"versionType": "git"
},
{
"status": "affected",
"version": "812f39ed5b0b7f34868736de3055c92c7c4cf459",
"versionType": "git"
},
{
"status": "affected",
"version": "6a002d48a66076524f67098132538bef17e8445e",
"versionType": "git"
},
{
"status": "affected",
"version": "41812f4b84484530057513478c6770590347dc30",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.147",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.147",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.100",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.40",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:43:32.428Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/36fecd740de2d542d2091d65d36554ee2bcf9c65"
},
{
"url": "https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179"
},
{
"url": "https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2"
},
{
"url": "https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607"
},
{
"url": "https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3"
},
{
"url": "https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116"
}
],
"title": "clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38499",
"datePublished": "2025-08-11T16:01:08.257Z",
"dateReserved": "2025-04-16T04:51:24.022Z",
"dateUpdated": "2025-08-28T14:43:32.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38499\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-11T16:15:30.057\",\"lastModified\":\"2025-08-28T15:15:51.383\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\\n\\nWhat we want is to verify there is that clone won\u0027t expose something\\nhidden by a mount we wouldn\u0027t be able to undo. \\\"Wouldn\u0027t be able to undo\\\"\\nmay be a result of MNT_LOCKED on a child, but it may also come from\\nlacking admin rights in the userns of the namespace mount belongs to.\\n\\nclone_private_mnt() checks the former, but not the latter.\\n\\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\\nuserns during the mount, especially with the new mount API; they serve\\ndifferent purposes and in case of clone_private_mnt() they usually,\\nbut not always end up covering the missing check mentioned above.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clone_private_mnt(): asegurar que el llamador tenga CAP_SYS_ADMIN en los usuarios correctos. Lo que queremos es verificar que clone no exponga algo oculto por un montaje que no podamos deshacer. \\\"No se puede deshacer\\\" puede ser el resultado de MNT_LOCKED en un hijo, pero tambi\u00e9n puede provenir de la falta de derechos de administrador en los usuarios del espacio de nombres al que pertenece el montaje. clone_private_mnt() comprueba lo primero, pero no lo segundo. Hay varias comprobaciones de CAP_SYS_ADMIN bastante confusas en varios usuarios durante el montaje, especialmente con la nueva API de montaje; tienen diferentes prop\u00f3sitos y, en el caso de clone_private_mnt(), generalmente, aunque no siempre, cubren la comprobaci\u00f3n faltante mencionada anteriormente.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/36fecd740de2d542d2091d65d36554ee2bcf9c65\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
wid-sec-w-2025-1757
Vulnerability from csaf_certbund
Published
2025-08-11 22:00
Modified
2025-09-08 22:00
Summary
Linux Kernel: Schwachstelle ermöglicht Umgehen von Sicherheitsmechanismen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1757 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1757.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1757 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1757"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38499 vom 2025-08-11",
"url": "https://lore.kernel.org/linux-cve-announce/2025081112-CVE-2025-38499-4572@gregkh/"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2387670 vom 2025-08-11",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387670"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5975 vom 2025-08-13",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00139.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20551 vom 2025-09-09",
"url": "https://linux.oracle.com/errata/ELSA-2025-20551.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsmechanismen",
"tracking": {
"current_release_date": "2025-09-08T22:00:00.000+00:00",
"generator": {
"date": "2025-09-09T07:41:13.361+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1757",
"initial_release_date": "2025-08-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=5.14",
"product": {
"name": "Open Source Linux Kernel \u003c=5.14",
"product_id": "T021126"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.14",
"product": {
"name": "Open Source Linux Kernel \u003c=5.14",
"product_id": "T021126-fixed"
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38499",
"product_status": {
"known_affected": [
"2951",
"T004914"
],
"last_affected": [
"T021126"
]
},
"release_date": "2025-08-11T22:00:00.000+00:00",
"title": "CVE-2025-38499"
}
]
}
fkie_cve-2025-38499
Vulnerability from fkie_nvd
Published
2025-08-11 16:15
Modified
2025-08-28 15:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
What we want is to verify there is that clone won't expose something
hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo"
may be a result of MNT_LOCKED on a child, but it may also come from
lacking admin rights in the userns of the namespace mount belongs to.
clone_private_mnt() checks the former, but not the latter.
There's a number of rather confusing CAP_SYS_ADMIN checks in various
userns during the mount, especially with the new mount API; they serve
different purposes and in case of clone_private_mnt() they usually,
but not always end up covering the missing check mentioned above.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clone_private_mnt(): asegurar que el llamador tenga CAP_SYS_ADMIN en los usuarios correctos. Lo que queremos es verificar que clone no exponga algo oculto por un montaje que no podamos deshacer. \"No se puede deshacer\" puede ser el resultado de MNT_LOCKED en un hijo, pero tambi\u00e9n puede provenir de la falta de derechos de administrador en los usuarios del espacio de nombres al que pertenece el montaje. clone_private_mnt() comprueba lo primero, pero no lo segundo. Hay varias comprobaciones de CAP_SYS_ADMIN bastante confusas en varios usuarios durante el montaje, especialmente con la nueva API de montaje; tienen diferentes prop\u00f3sitos y, en el caso de clone_private_mnt(), generalmente, aunque no siempre, cubren la comprobaci\u00f3n faltante mencionada anteriormente."
}
],
"id": "CVE-2025-38499",
"lastModified": "2025-08-28T15:15:51.383",
"metrics": {},
"published": "2025-08-11T16:15:30.057",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/36fecd740de2d542d2091d65d36554ee2bcf9c65"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
suse-su-2025:03272-1
Vulnerability from csaf_suse
Published
2025-09-18 18:51
Modified
2025-09-18 18:51
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186).
- CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198).
- CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355).
- CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
The following non-security bugs were fixed:
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI: Add ACS quirk for Loongson PCIe (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes).
- Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes).
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes).
- arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes).
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes).
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes).
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes).
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes).
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes).
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes).
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes).
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes).
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- bpf: fix kfunc btf caching for modules (git-fixes).
- bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes).
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix the length of reserved qgroup to free (bsc#1240708).
- btrfs: retry block group reclaim without infinite loop (git-fixes).
- btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120).
- btrfs: run delayed iputs when flushing delalloc (git-fixes).
- btrfs: update target inode's ctime on unlink (git-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- et131x: Add missing check after DMA map (stable-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)
- fs/orangefs: use snprintf() instead of sprintf() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- hfs: fix not erasing deleted b-tree node issue (git-fixes).
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).
- hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes).
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- jfs: Regular file corruption check (git-fixes).
- jfs: truncate good inode pages when hard link is 0 (git-fixes).
- jfs: upper bound check of tree index in dbAllocAG (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).
- kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- md/md-cluster: handle REMOVE message earlier (bsc#1247057).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes).
- mptcp: reset when MPTCP opts are dropped after join (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- samples/bpf: Fix compilation errors with cf-protection option (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: Fix errno checking in syscall_user_dispatch test (git-fixes).
- selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix parsing of device numbers (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes).
- usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- vfs: Add a sysctl for automated deletion of dentry (bsc#1240890).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
Patchnames
SUSE-2025-3272,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3272,SUSE-SLE-Module-RT-15-SP6-2025-3272,openSUSE-SLE-15.6-2025-3272
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708).\n- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).\n- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).\n- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).\n- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).\n- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).\n- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).\n- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).\n- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).\n- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).\n- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).\n- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).\n- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).\n- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).\n- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).\n- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).\n- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).\n- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).\n- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).\n- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).\n- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).\n- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).\n- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).\n- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).\n- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).\n- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).\n- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).\n- CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186).\n- CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217).\n- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).\n- CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198).\n- CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205).\n- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).\n- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).\n- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).\n- CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355).\n- CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).\n\nThe following non-security bugs were fixed:\n\n- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).\n- ACPI: pfr_update: Fix the driver update version check (git-fixes).\n- ACPI: processor: fix acpi_object initialization (stable-fixes).\n- ACPI: processor: perflib: Move problematic pr-\u003eperformance check (git-fixes).\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).\n- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).\n- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).\n- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).\n- ALSA: hda: Disable jack polling at shutdown (stable-fixes).\n- ALSA: hda: Handle the jack polling always via a work (stable-fixes).\n- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).\n- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).\n- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).\n- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).\n- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).\n- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).\n- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).\n- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).\n- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).\n- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).\n- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).\n- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).\n- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).\n- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).\n- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).\n- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).\n- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).\n- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).\n- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).\n- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).\n- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).\n- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).\n- PCI: Add ACS quirk for Loongson PCIe (git-fixes).\n- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).\n- PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes).\n- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).\n- PCI: imx6: Delay link start until configfs \u0027start\u0027 written (git-fixes).\n- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).\n- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).\n- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).\n- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).\n- PCI: rockchip: Use standard PCIe definitions (git-fixes).\n- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).\n- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).\n- PM: sleep: console: Fix the black screen issue (stable-fixes).\n- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).\n- RAS/AMD/FMPM: Get masked address (bsc#1242034).\n- RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).\n- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)\n- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)\n- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)\n- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)\n- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)\n- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)\n- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)\n- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)\n- Revert \u0027gpio: mlxbf3: only get IRQ for device instance 0\u0027 (git-fixes).\n- Revert \u0027scsi: iscsi: Fix HW conn removal use after free\u0027 (git-fixes).\n- USB: serial: option: add Foxconn T99W709 (stable-fixes).\n- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).\n- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).\n- aoe: defer rexmit timer downdev work to workqueue (git-fixes).\n- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).\n- arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes).\n- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes).\n- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes).\n- arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes).\n- arm64: Filter out SME hwcaps when FEAT_SME isn\u0027t implemented (git-fixes).\n- arm64: Restrict pagetable teardown to avoid false warning (git-fixes).\n- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes).\n- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes).\n- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes).\n- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes).\n- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).\n- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes).\n- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes).\n- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes).\n- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes).\n- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes).\n- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes).\n- ata: libata-scsi: Fix CDL control (git-fixes).\n- block: fix kobject leak in blk_unregister_queue (git-fixes).\n- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).\n- bpf: fix kfunc btf caching for modules (git-fixes).\n- bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes).\n- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).\n- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).\n- btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes).\n- btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes).\n- btrfs: fix data race when accessing the inode\u0027s disk_i_size at btrfs_drop_extents() (git-fixes).\n- btrfs: fix the length of reserved qgroup to free (bsc#1240708).\n- btrfs: retry block group reclaim without infinite loop (git-fixes).\n- btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120).\n- btrfs: run delayed iputs when flushing delalloc (git-fixes).\n- btrfs: update target inode\u0027s ctime on unlink (git-fixes).\n- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).\n- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).\n- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).\n- comedi: Make insn_rw_emulate_bits() do insn-\u003en samples (git-fixes).\n- comedi: fix race between polling and detaching (git-fixes).\n- comedi: pcl726: Prevent invalid irq number (git-fixes).\n- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).\n- crypto: jitter - fix intermediary handling (stable-fixes).\n- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).\n- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).\n- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).\n- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).\n- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).\n- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).\n- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).\n- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).\n- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).\n- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).\n- drm/amd/display: Fix \u0027failed to blank crtc!\u0027 (stable-fixes).\n- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).\n- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).\n- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).\n- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).\n- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).\n- drm/amd: Restore cached power limit during resume (stable-fixes).\n- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).\n- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).\n- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).\n- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).\n- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).\n- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).\n- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).\n- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).\n- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).\n- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).\n- drm/msm: use trylock for debugfs (stable-fixes).\n- drm/nouveau/disp: Always accept linear modifier (git-fixes).\n- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).\n- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).\n- drm/nouveau: fix typos in comments (git-fixes).\n- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).\n- drm/nouveau: remove unused memory target test (git-fixes).\n- drm/ttm: Respect the shrinker core free target (stable-fixes).\n- drm/ttm: Should to return the evict error (stable-fixes).\n- et131x: Add missing check after DMA map (stable-fixes).\n- exfat: add cluster chain loop check for dir (git-fixes).\n- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).\n- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).\n- fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)\n- fs/orangefs: use snprintf() instead of sprintf() (git-fixes).\n- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).\n- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).\n- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).\n- hfs: fix not erasing deleted b-tree node issue (git-fixes).\n- hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).\n- hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes).\n- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).\n- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).\n- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).\n- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).\n- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).\n- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).\n- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).\n- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).\n- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).\n- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).\n- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).\n- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).\n- ipmi: Fix strcpy source and destination the same (stable-fixes).\n- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- jfs: Regular file corruption check (git-fixes).\n- jfs: truncate good inode pages when hard link is 0 (git-fixes).\n- jfs: upper bound check of tree index in dbAllocAG (git-fixes).\n- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).\n- kernel-binary: Another installation ordering fix (bsc#1241353).\n- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).\n- kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes).\n- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).\n- loop: use kiocb helpers to fix lockdep warning (git-fixes).\n- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).\n- md/md-cluster: handle REMOVE message earlier (bsc#1247057).\n- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).\n- md: allow removing faulty rdev during resync (git-fixes).\n- md: make rdev_addable usable for rcu mode (git-fixes).\n- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).\n- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).\n- media: tc358743: Check I2C succeeded during probe (stable-fixes).\n- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).\n- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).\n- media: usb: hdpvr: disable zero-length read messages (stable-fixes).\n- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).\n- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).\n- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).\n- memstick: Fix deadlock by moving removing flag earlier (git-fixes).\n- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes).\n- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).\n- mmc: sdhci-msm: Ensure SD card power isn\u0027t ON when card removed (stable-fixes).\n- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).\n- most: core: Drop device reference after usage in get_channel() (git-fixes).\n- mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes).\n- mptcp: reset when MPTCP opts are dropped after join (git-fixes).\n- net: phy: micrel: Add ksz9131_resume() (stable-fixes).\n- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).\n- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).\n- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).\n- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).\n- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).\n- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).\n- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).\n- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).\n- pNFS: Handle RPC size limit for layoutcommits (git-fixes).\n- phy: mscc: Fix parsing of unicast frames (git-fixes).\n- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).\n- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).\n- pinctrl: stm32: Manage irq affinity settings (stable-fixes).\n- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).\n- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).\n- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).\n- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).\n- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).\n- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).\n- powerpc/eeh: Rely on dev-\u003elink_active_reporting (bsc#1215199).\n- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).\n- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).\n- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).\n- powerpc: do not build ppc_save_regs.o always (bsc#1215199).\n- pwm: mediatek: Fix duty and period setting (git-fixes).\n- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).\n- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).\n- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).\n- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).\n- samples/bpf: Fix compilation errors with cf-protection option (git-fixes).\n- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).\n- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).\n- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).\n- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).\n- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).\n- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).\n- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).\n- selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes).\n- selftests/tracing: Fix false failure of subsystem event test (git-fixes).\n- selftests: Fix errno checking in syscall_user_dispatch test (git-fixes).\n- selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes).\n- serial: 8250: fix panic due to PSLVERR (git-fixes).\n- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).\n- smb: client: fix parsing of device numbers (git-fixes).\n- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).\n- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).\n- squashfs: fix memory leak in squashfs_fill_super (git-fixes).\n- sunrpc: fix handling of server side tls alerts (git-fixes).\n- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).\n- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).\n- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).\n- ublk: sanity check add_dev input for underflow (git-fixes).\n- ublk: use vmalloc for ublk_device\u0027s __queues (git-fixes).\n- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).\n- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).\n- usb: core: usb_submit_urb: downgrade type check (stable-fixes).\n- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).\n- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).\n- usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes).\n- usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes).\n- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).\n- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).\n- usb: storage: realtek_cr: Use correct byte order for bcs-\u003eResidue (git-fixes).\n- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn\u0027t present (stable-fixes).\n- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).\n- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).\n- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).\n- usb: xhci: Fix slot_id resource race conflict (git-fixes).\n- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).\n- usb: xhci: print xhci-\u003exhc_state when queue_command failed (stable-fixes).\n- vfs: Add a sysctl for automated deletion of dentry (bsc#1240890).\n- watchdog: dw_wdt: Fix default timeout (stable-fixes).\n- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).\n- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).\n- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).\n- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).\n- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).\n- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).\n- wifi: cfg80211: Fix interface type validation (stable-fixes).\n- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).\n- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).\n- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).\n- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).\n- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).\n- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).\n- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).\n- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).\n- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).\n- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).\n- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).\n- wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes).\n- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).\n- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3272,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3272,SUSE-SLE-Module-RT-15-SP6-2025-3272,openSUSE-SLE-15.6-2025-3272",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03272-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03272-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503272-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03272-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041777.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1213545",
"url": "https://bugzilla.suse.com/1213545"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1221858",
"url": "https://bugzilla.suse.com/1221858"
},
{
"category": "self",
"summary": "SUSE Bug 1222323",
"url": "https://bugzilla.suse.com/1222323"
},
{
"category": "self",
"summary": "SUSE Bug 1230557",
"url": "https://bugzilla.suse.com/1230557"
},
{
"category": "self",
"summary": "SUSE Bug 1230708",
"url": "https://bugzilla.suse.com/1230708"
},
{
"category": "self",
"summary": "SUSE Bug 1232089",
"url": "https://bugzilla.suse.com/1232089"
},
{
"category": "self",
"summary": "SUSE Bug 1233120",
"url": "https://bugzilla.suse.com/1233120"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240890",
"url": "https://bugzilla.suse.com/1240890"
},
{
"category": "self",
"summary": "SUSE Bug 1241353",
"url": "https://bugzilla.suse.com/1241353"
},
{
"category": "self",
"summary": "SUSE Bug 1242034",
"url": "https://bugzilla.suse.com/1242034"
},
{
"category": "self",
"summary": "SUSE Bug 1242754",
"url": "https://bugzilla.suse.com/1242754"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1244734",
"url": "https://bugzilla.suse.com/1244734"
},
{
"category": "self",
"summary": "SUSE Bug 1244930",
"url": "https://bugzilla.suse.com/1244930"
},
{
"category": "self",
"summary": "SUSE Bug 1245663",
"url": "https://bugzilla.suse.com/1245663"
},
{
"category": "self",
"summary": "SUSE Bug 1245710",
"url": "https://bugzilla.suse.com/1245710"
},
{
"category": "self",
"summary": "SUSE Bug 1245767",
"url": "https://bugzilla.suse.com/1245767"
},
{
"category": "self",
"summary": "SUSE Bug 1245780",
"url": "https://bugzilla.suse.com/1245780"
},
{
"category": "self",
"summary": "SUSE Bug 1245815",
"url": "https://bugzilla.suse.com/1245815"
},
{
"category": "self",
"summary": "SUSE Bug 1245956",
"url": "https://bugzilla.suse.com/1245956"
},
{
"category": "self",
"summary": "SUSE Bug 1245973",
"url": "https://bugzilla.suse.com/1245973"
},
{
"category": "self",
"summary": "SUSE Bug 1245977",
"url": "https://bugzilla.suse.com/1245977"
},
{
"category": "self",
"summary": "SUSE Bug 1246005",
"url": "https://bugzilla.suse.com/1246005"
},
{
"category": "self",
"summary": "SUSE Bug 1246012",
"url": "https://bugzilla.suse.com/1246012"
},
{
"category": "self",
"summary": "SUSE Bug 1246181",
"url": "https://bugzilla.suse.com/1246181"
},
{
"category": "self",
"summary": "SUSE Bug 1246193",
"url": "https://bugzilla.suse.com/1246193"
},
{
"category": "self",
"summary": "SUSE Bug 1247057",
"url": "https://bugzilla.suse.com/1247057"
},
{
"category": "self",
"summary": "SUSE Bug 1247078",
"url": "https://bugzilla.suse.com/1247078"
},
{
"category": "self",
"summary": "SUSE Bug 1247112",
"url": "https://bugzilla.suse.com/1247112"
},
{
"category": "self",
"summary": "SUSE Bug 1247116",
"url": "https://bugzilla.suse.com/1247116"
},
{
"category": "self",
"summary": "SUSE Bug 1247119",
"url": "https://bugzilla.suse.com/1247119"
},
{
"category": "self",
"summary": "SUSE Bug 1247155",
"url": "https://bugzilla.suse.com/1247155"
},
{
"category": "self",
"summary": "SUSE Bug 1247162",
"url": "https://bugzilla.suse.com/1247162"
},
{
"category": "self",
"summary": "SUSE Bug 1247167",
"url": "https://bugzilla.suse.com/1247167"
},
{
"category": "self",
"summary": "SUSE Bug 1247229",
"url": "https://bugzilla.suse.com/1247229"
},
{
"category": "self",
"summary": "SUSE Bug 1247243",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "self",
"summary": "SUSE Bug 1247280",
"url": "https://bugzilla.suse.com/1247280"
},
{
"category": "self",
"summary": "SUSE Bug 1247313",
"url": "https://bugzilla.suse.com/1247313"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247976",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "self",
"summary": "SUSE Bug 1248088",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "self",
"summary": "SUSE Bug 1248108",
"url": "https://bugzilla.suse.com/1248108"
},
{
"category": "self",
"summary": "SUSE Bug 1248164",
"url": "https://bugzilla.suse.com/1248164"
},
{
"category": "self",
"summary": "SUSE Bug 1248166",
"url": "https://bugzilla.suse.com/1248166"
},
{
"category": "self",
"summary": "SUSE Bug 1248178",
"url": "https://bugzilla.suse.com/1248178"
},
{
"category": "self",
"summary": "SUSE Bug 1248179",
"url": "https://bugzilla.suse.com/1248179"
},
{
"category": "self",
"summary": "SUSE Bug 1248180",
"url": "https://bugzilla.suse.com/1248180"
},
{
"category": "self",
"summary": "SUSE Bug 1248183",
"url": "https://bugzilla.suse.com/1248183"
},
{
"category": "self",
"summary": "SUSE Bug 1248186",
"url": "https://bugzilla.suse.com/1248186"
},
{
"category": "self",
"summary": "SUSE Bug 1248194",
"url": "https://bugzilla.suse.com/1248194"
},
{
"category": "self",
"summary": "SUSE Bug 1248196",
"url": "https://bugzilla.suse.com/1248196"
},
{
"category": "self",
"summary": "SUSE Bug 1248198",
"url": "https://bugzilla.suse.com/1248198"
},
{
"category": "self",
"summary": "SUSE Bug 1248205",
"url": "https://bugzilla.suse.com/1248205"
},
{
"category": "self",
"summary": "SUSE Bug 1248206",
"url": "https://bugzilla.suse.com/1248206"
},
{
"category": "self",
"summary": "SUSE Bug 1248208",
"url": "https://bugzilla.suse.com/1248208"
},
{
"category": "self",
"summary": "SUSE Bug 1248209",
"url": "https://bugzilla.suse.com/1248209"
},
{
"category": "self",
"summary": "SUSE Bug 1248212",
"url": "https://bugzilla.suse.com/1248212"
},
{
"category": "self",
"summary": "SUSE Bug 1248213",
"url": "https://bugzilla.suse.com/1248213"
},
{
"category": "self",
"summary": "SUSE Bug 1248214",
"url": "https://bugzilla.suse.com/1248214"
},
{
"category": "self",
"summary": "SUSE Bug 1248216",
"url": "https://bugzilla.suse.com/1248216"
},
{
"category": "self",
"summary": "SUSE Bug 1248217",
"url": "https://bugzilla.suse.com/1248217"
},
{
"category": "self",
"summary": "SUSE Bug 1248223",
"url": "https://bugzilla.suse.com/1248223"
},
{
"category": "self",
"summary": "SUSE Bug 1248227",
"url": "https://bugzilla.suse.com/1248227"
},
{
"category": "self",
"summary": "SUSE Bug 1248228",
"url": "https://bugzilla.suse.com/1248228"
},
{
"category": "self",
"summary": "SUSE Bug 1248229",
"url": "https://bugzilla.suse.com/1248229"
},
{
"category": "self",
"summary": "SUSE Bug 1248240",
"url": "https://bugzilla.suse.com/1248240"
},
{
"category": "self",
"summary": "SUSE Bug 1248255",
"url": "https://bugzilla.suse.com/1248255"
},
{
"category": "self",
"summary": "SUSE Bug 1248297",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "self",
"summary": "SUSE Bug 1248306",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "self",
"summary": "SUSE Bug 1248312",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "self",
"summary": "SUSE Bug 1248333",
"url": "https://bugzilla.suse.com/1248333"
},
{
"category": "self",
"summary": "SUSE Bug 1248337",
"url": "https://bugzilla.suse.com/1248337"
},
{
"category": "self",
"summary": "SUSE Bug 1248338",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "self",
"summary": "SUSE Bug 1248340",
"url": "https://bugzilla.suse.com/1248340"
},
{
"category": "self",
"summary": "SUSE Bug 1248341",
"url": "https://bugzilla.suse.com/1248341"
},
{
"category": "self",
"summary": "SUSE Bug 1248345",
"url": "https://bugzilla.suse.com/1248345"
},
{
"category": "self",
"summary": "SUSE Bug 1248349",
"url": "https://bugzilla.suse.com/1248349"
},
{
"category": "self",
"summary": "SUSE Bug 1248350",
"url": "https://bugzilla.suse.com/1248350"
},
{
"category": "self",
"summary": "SUSE Bug 1248354",
"url": "https://bugzilla.suse.com/1248354"
},
{
"category": "self",
"summary": "SUSE Bug 1248355",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "self",
"summary": "SUSE Bug 1248361",
"url": "https://bugzilla.suse.com/1248361"
},
{
"category": "self",
"summary": "SUSE Bug 1248363",
"url": "https://bugzilla.suse.com/1248363"
},
{
"category": "self",
"summary": "SUSE Bug 1248368",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "self",
"summary": "SUSE Bug 1248374",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "self",
"summary": "SUSE Bug 1248377",
"url": "https://bugzilla.suse.com/1248377"
},
{
"category": "self",
"summary": "SUSE Bug 1248386",
"url": "https://bugzilla.suse.com/1248386"
},
{
"category": "self",
"summary": "SUSE Bug 1248390",
"url": "https://bugzilla.suse.com/1248390"
},
{
"category": "self",
"summary": "SUSE Bug 1248395",
"url": "https://bugzilla.suse.com/1248395"
},
{
"category": "self",
"summary": "SUSE Bug 1248399",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "self",
"summary": "SUSE Bug 1248401",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "self",
"summary": "SUSE Bug 1248511",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "self",
"summary": "SUSE Bug 1248573",
"url": "https://bugzilla.suse.com/1248573"
},
{
"category": "self",
"summary": "SUSE Bug 1248575",
"url": "https://bugzilla.suse.com/1248575"
},
{
"category": "self",
"summary": "SUSE Bug 1248577",
"url": "https://bugzilla.suse.com/1248577"
},
{
"category": "self",
"summary": "SUSE Bug 1248609",
"url": "https://bugzilla.suse.com/1248609"
},
{
"category": "self",
"summary": "SUSE Bug 1248614",
"url": "https://bugzilla.suse.com/1248614"
},
{
"category": "self",
"summary": "SUSE Bug 1248617",
"url": "https://bugzilla.suse.com/1248617"
},
{
"category": "self",
"summary": "SUSE Bug 1248621",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "self",
"summary": "SUSE Bug 1248636",
"url": "https://bugzilla.suse.com/1248636"
},
{
"category": "self",
"summary": "SUSE Bug 1248643",
"url": "https://bugzilla.suse.com/1248643"
},
{
"category": "self",
"summary": "SUSE Bug 1248648",
"url": "https://bugzilla.suse.com/1248648"
},
{
"category": "self",
"summary": "SUSE Bug 1248652",
"url": "https://bugzilla.suse.com/1248652"
},
{
"category": "self",
"summary": "SUSE Bug 1248655",
"url": "https://bugzilla.suse.com/1248655"
},
{
"category": "self",
"summary": "SUSE Bug 1248666",
"url": "https://bugzilla.suse.com/1248666"
},
{
"category": "self",
"summary": "SUSE Bug 1248669",
"url": "https://bugzilla.suse.com/1248669"
},
{
"category": "self",
"summary": "SUSE Bug 1248746",
"url": "https://bugzilla.suse.com/1248746"
},
{
"category": "self",
"summary": "SUSE Bug 1248748",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "self",
"summary": "SUSE Bug 1249022",
"url": "https://bugzilla.suse.com/1249022"
},
{
"category": "self",
"summary": "SUSE Bug 1249346",
"url": "https://bugzilla.suse.com/1249346"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3867 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4130 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4515 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26661 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58238 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38146 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38205 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38245 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38251 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38439 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38441 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38444 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38445 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38458 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38459 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38464 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38472 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38490 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38491 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38500 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38503 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38510 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38512 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38513 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38515 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38516 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38524 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38528 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38529 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38530 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38531 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38535 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38537 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38538 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38540 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38541 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38543 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38546 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38548 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38550 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38553 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38555 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38560 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38568 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38571 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38572 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38581 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38582 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38583 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38585 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38588 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38591 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38601 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38602 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38604 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38608 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38610 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38612 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38621 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38624 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38630 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38634 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38646 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38656 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38663 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38671/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-09-18T18:51:32Z",
"generator": {
"date": "2025-09-18T18:51:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03272-1",
"initial_release_date": "2025-09-18T18:51:32Z",
"revision_history": [
{
"date": "2025-09-18T18:51:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150600.10.52.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP6",
"product": {
"name": "SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.52.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-extra-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-optional-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.52.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
},
"product_reference": "reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds read in smb2_sess_setup\n\nksmbd does not consider the case of that smb2 session setup is\nin compound request. If this is the second payload of the compound,\nOOB read issue occurs while processing the first payload in\nthe smb2_sess_setup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3867",
"url": "https://www.suse.com/security/cve/CVE-2023-3867"
},
{
"category": "external",
"summary": "SUSE Bug 1213545 for CVE-2023-3867",
"url": "https://bugzilla.suse.com/1213545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-3867"
},
{
"cve": "CVE-2023-4130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()\n\nThere are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request\nfrom client. ksmbd find next smb2_ea_info using -\u003eNextEntryOffset of\ncurrent smb2_ea_info. ksmbd need to validate buffer length Before\naccessing the next ea. ksmbd should check buffer length using buf_len,\nnot next variable. next is the start offset of current ea that got from\nprevious ea.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4130",
"url": "https://www.suse.com/security/cve/CVE-2023-4130"
},
{
"category": "external",
"summary": "SUSE Bug 1248164 for CVE-2023-4130",
"url": "https://bugzilla.suse.com/1248164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-4130"
},
{
"cve": "CVE-2023-4515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4515"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate command request size\n\nIn commit 2b9b8f3b68ed (\"ksmbd: validate command payload size\"), except\nfor SMB2_OPLOCK_BREAK_HE command, the request size of other commands\nis not checked, it\u0027s not expected. Fix it by add check for request\nsize of other commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4515",
"url": "https://www.suse.com/security/cve/CVE-2023-4515"
},
{
"category": "external",
"summary": "SUSE Bug 1248180 for CVE-2023-4515",
"url": "https://bugzilla.suse.com/1248180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-4515"
},
{
"cve": "CVE-2024-26661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL test for \u0027timing generator\u0027 in \u0027dcn21_set_pipe()\u0027\n\nIn \"u32 otg_inst = pipe_ctx-\u003estream_res.tg-\u003einst;\"\npipe_ctx-\u003estream_res.tg could be NULL, it is relying on the caller to\nensure the tg is not NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26661",
"url": "https://www.suse.com/security/cve/CVE-2024-26661"
},
{
"category": "external",
"summary": "SUSE Bug 1222323 for CVE-2024-26661",
"url": "https://bugzilla.suse.com/1222323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-26661"
},
{
"cve": "CVE-2024-46733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W 6.10.0-rc7-gab56fde445b8 #21\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? close_ctree+0x222/0x4d0 [btrfs]\n ? __warn.cold+0x8e/0xea\n ? close_ctree+0x222/0x4d0 [btrfs]\n ? report_bug+0xff/0x140\n ? handle_bug+0x3b/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? close_ctree+0x222/0x4d0 [btrfs]\n generic_shutdown_super+0x70/0x160\n kill_anon_super+0x11/0x40\n btrfs_kill_super+0x11/0x20 [btrfs]\n deactivate_locked_super+0x2e/0xa0\n cleanup_mnt+0xb5/0x150\n task_work_run+0x57/0x80\n syscall_exit_to_user_mode+0x121/0x130\n do_syscall_64+0xab/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f916847a887\n ---[ end trace 0000000000000000 ]---\n BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46733",
"url": "https://www.suse.com/security/cve/CVE-2024-46733"
},
{
"category": "external",
"summary": "SUSE Bug 1230708 for CVE-2024-46733",
"url": "https://bugzilla.suse.com/1230708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-46733"
},
{
"cve": "CVE-2024-49996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49996",
"url": "https://www.suse.com/security/cve/CVE-2024-49996"
},
{
"category": "external",
"summary": "SUSE Bug 1232089 for CVE-2024-49996",
"url": "https://bugzilla.suse.com/1232089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-49996"
},
{
"cve": "CVE-2024-58238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Resolve TX timeout error in power save stress test\n\nThis fixes the tx timeout issue seen while running a stress test on\nbtnxpuart for couple of hours, such that the interval between two HCI\ncommands coincide with the power save timeout value of 2 seconds.\n\nTest procedure using bash script:\n\u003cload btnxpuart.ko\u003e\nhciconfig hci0 up\n//Enable Power Save feature\nhcitool -i hci0 cmd 3f 23 02 00 00\nwhile (true)\ndo\n hciconfig hci0 leadv\n sleep 2\n hciconfig hci0 noleadv\n sleep 2\ndone\n\nError log, after adding few more debug prints:\nBluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00\nBluetooth: hci0: Set UART break: on, status=0\nBluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled\nBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00\nCan\u0027t set advertise mode on hci0: Connection timed out (110)\nBluetooth: hci0: command 0x200a tx timeout\n\nWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()\nis scheduled simultaneously, psdata-\u003eps_state is read as PS_STATE_AWAKE,\nwhich prevents the psdata-\u003ework from being scheduled, which is responsible\nto turn OFF UART break.\n\nThis issue is fixed by adding a ps_lock mutex around UART break on/off as\nwell as around ps_state read/write.\nbtnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is\nPS_STATE_SLEEP, it will first schedule psdata-\u003ework, and then it will\nreschedule itself once UART break has been turned off and ps_state is\nPS_STATE_AWAKE.\n\nTested above script for 50,000 iterations and TX timeout error was not\nobserved anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58238",
"url": "https://www.suse.com/security/cve/CVE-2024-58238"
},
{
"category": "external",
"summary": "SUSE Bug 1242754 for CVE-2024-58238",
"url": "https://bugzilla.suse.com/1242754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-58238"
},
{
"cve": "CVE-2024-58239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: stop recv() if initial process_rx_list gave us non-DATA\n\nIf we have a non-DATA record on the rx_list and another record of the\nsame type still on the queue, we will end up merging them:\n - process_rx_list copies the non-DATA record\n - we start the loop and process the first available record since it\u0027s\n of the same type\n - we break out of the loop since the record was not DATA\n\nJust check the record type and jump to the end in case process_rx_list\ndid some work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58239",
"url": "https://www.suse.com/security/cve/CVE-2024-58239"
},
{
"category": "external",
"summary": "SUSE Bug 1248614 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248614"
},
{
"category": "external",
"summary": "SUSE Bug 1248615 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2024-58239"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don\u0027t access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38006",
"url": "https://www.suse.com/security/cve/CVE-2025-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1244930 for CVE-2025-38006",
"url": "https://bugzilla.suse.com/1244930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38006"
},
{
"cve": "CVE-2025-38075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38075",
"url": "https://www.suse.com/security/cve/CVE-2025-38075"
},
{
"category": "external",
"summary": "SUSE Bug 1244734 for CVE-2025-38075",
"url": "https://bugzilla.suse.com/1244734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38075"
},
{
"cve": "CVE-2025-38103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38103",
"url": "https://www.suse.com/security/cve/CVE-2025-38103"
},
{
"category": "external",
"summary": "SUSE Bug 1245663 for CVE-2025-38103",
"url": "https://bugzilla.suse.com/1245663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-38103"
},
{
"cve": "CVE-2025-38125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring EST\n\nIf the ptp_rate recorded earlier in the driver happens to be 0, this\nbogus value will propagate up to EST configuration, where it will\ntrigger a division by 0.\n\nPrevent this division by 0 by adding the corresponding check and error\ncode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38125",
"url": "https://www.suse.com/security/cve/CVE-2025-38125"
},
{
"category": "external",
"summary": "SUSE Bug 1245710 for CVE-2025-38125",
"url": "https://bugzilla.suse.com/1245710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38125"
},
{
"cve": "CVE-2025-38146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix the dead loop of MPLS parse\n\nThe unexpected MPLS packet may not end with the bottom label stack.\nWhen there are many stacks, The label count value has wrapped around.\nA dead loop occurs, soft lockup/CPU stuck finally.\n\nstack backtrace:\nUBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26\nindex -1 is out of range for type \u0027__be32 [3]\u0027\nCPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G OE 5.15.0-121-generic #131-Ubuntu\nHardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021\nCall Trace:\n \u003cIRQ\u003e\n show_stack+0x52/0x5c\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n key_extract_l3l4+0x82a/0x840 [openvswitch]\n ? kfree_skbmem+0x52/0xa0\n key_extract+0x9c/0x2b0 [openvswitch]\n ovs_flow_key_extract+0x124/0x350 [openvswitch]\n ovs_vport_receive+0x61/0xd0 [openvswitch]\n ? kernel_init_free_pages.part.0+0x4a/0x70\n ? get_page_from_freelist+0x353/0x540\n netdev_port_receive+0xc4/0x180 [openvswitch]\n ? netdev_port_receive+0x180/0x180 [openvswitch]\n netdev_frame_hook+0x1f/0x40 [openvswitch]\n __netif_receive_skb_core.constprop.0+0x23a/0xf00\n __netif_receive_skb_list_core+0xfa/0x240\n netif_receive_skb_list_internal+0x18e/0x2a0\n napi_complete_done+0x7a/0x1c0\n bnxt_poll+0x155/0x1c0 [bnxt_en]\n __napi_poll+0x30/0x180\n net_rx_action+0x126/0x280\n ? bnxt_msix+0x67/0x80 [bnxt_en]\n handle_softirqs+0xda/0x2d0\n irq_exit_rcu+0x96/0xc0\n common_interrupt+0x8e/0xa0\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38146",
"url": "https://www.suse.com/security/cve/CVE-2025-38146"
},
{
"category": "external",
"summary": "SUSE Bug 1245767 for CVE-2025-38146",
"url": "https://bugzilla.suse.com/1245767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38146"
},
{
"cve": "CVE-2025-38160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Add NULL check in raspberrypi_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nraspberrypi_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38160",
"url": "https://www.suse.com/security/cve/CVE-2025-38160"
},
{
"category": "external",
"summary": "SUSE Bug 1245780 for CVE-2025-38160",
"url": "https://bugzilla.suse.com/1245780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38160"
},
{
"cve": "CVE-2025-38184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\n\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\n\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer \u003ceth:syz_tun\u003e, priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\n\nthe ub was in fact a struct dev.\n\nwhen bid != 0 \u0026\u0026 skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\n\nfix this by checking media_id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38184",
"url": "https://www.suse.com/security/cve/CVE-2025-38184"
},
{
"category": "external",
"summary": "SUSE Bug 1245956 for CVE-2025-38184",
"url": "https://bugzilla.suse.com/1245956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38184"
},
{
"cve": "CVE-2025-38185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Free invalid length skb in atmtcp_c_send().\n\nsyzbot reported the splat below. [0]\n\nvcc_sendmsg() copies data passed from userspace to skb and passes\nit to vcc-\u003edev-\u003eops-\u003esend().\n\natmtcp_c_send() accesses skb-\u003edata as struct atmtcp_hdr after\nchecking if skb-\u003elen is 0, but it\u0027s not enough.\n\nAlso, when skb-\u003elen == 0, skb and sk (vcc) were leaked because\ndev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing\nto revert atm_account_tx() in vcc_sendmsg(), which is expected\nto be done in atm_pop_raw().\n\nLet\u0027s properly free skb with an invalid length in atmtcp_c_send().\n\n[0]:\nBUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\n vcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4154 [inline]\n slab_alloc_node mm/slub.c:4197 [inline]\n kmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249\n kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670\n alloc_skb include/linux/skbuff.h:1336 [inline]\n vcc_sendmsg+0xb40/0xff0 net/atm/common.c:628\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmsg net/socket.c:2652 [inline]\n __do_sys_sendmsg net/socket.c:2657 [inline]\n __se_sys_sendmsg net/socket.c:2655 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\n x64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38185",
"url": "https://www.suse.com/security/cve/CVE-2025-38185"
},
{
"category": "external",
"summary": "SUSE Bug 1246012 for CVE-2025-38185",
"url": "https://bugzilla.suse.com/1246012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38185"
},
{
"cve": "CVE-2025-38190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Revert atm_account_tx() if copy_from_iter_full() fails.\n\nIn vcc_sendmsg(), we account skb-\u003etruesize to sk-\u003esk_wmem_alloc by\natm_account_tx().\n\nIt is expected to be reverted by atm_pop_raw() later called by\nvcc-\u003edev-\u003eops-\u003esend(vcc, skb).\n\nHowever, vcc_sendmsg() misses the same revert when copy_from_iter_full()\nfails, and then we will leak a socket.\n\nLet\u0027s factorise the revert part as atm_return_tx() and call it in\nthe failure path.\n\nNote that the corresponding sk_wmem_alloc operation can be found in\nalloc_tx() as of the blamed commit.\n\n $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38190",
"url": "https://www.suse.com/security/cve/CVE-2025-38190"
},
{
"category": "external",
"summary": "SUSE Bug 1245973 for CVE-2025-38190",
"url": "https://bugzilla.suse.com/1245973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38190"
},
{
"cve": "CVE-2025-38201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38201",
"url": "https://www.suse.com/security/cve/CVE-2025-38201"
},
{
"category": "external",
"summary": "SUSE Bug 1245977 for CVE-2025-38201",
"url": "https://bugzilla.suse.com/1245977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38201"
},
{
"cve": "CVE-2025-38205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren\u0027t updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38205",
"url": "https://www.suse.com/security/cve/CVE-2025-38205"
},
{
"category": "external",
"summary": "SUSE Bug 1246005 for CVE-2025-38205",
"url": "https://bugzilla.suse.com/1246005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38205"
},
{
"cve": "CVE-2025-38208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38208",
"url": "https://www.suse.com/security/cve/CVE-2025-38208"
},
{
"category": "external",
"summary": "SUSE Bug 1245815 for CVE-2025-38208",
"url": "https://bugzilla.suse.com/1245815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38208"
},
{
"cve": "CVE-2025-38245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n\nsyzbot reported a warning below during atm_dev_register(). [0]\n\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup(). These operations are\ndone under atm_dev_mutex.\n\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\n\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\n\nLet\u0027s hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n\n[0]:\nproc_dir_entry \u0027atm/atmtcp:0\u0027 already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCode: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 \u003c0f\u003e 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48\nRSP: 0018:ffffc9000466fa30 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248\nRDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001\nRBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140\nR13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444\nFS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_create_data+0xbe/0x110 fs/proc/generic.c:585\n atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\n atm_dev_register+0x46d/0x890 net/atm/resources.c:113\n atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\n atmtcp_attach drivers/atm/atmtcp.c:403 [inline]\n atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x115/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f38b3b74459\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459\nRDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005\nRBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac\nR13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38245",
"url": "https://www.suse.com/security/cve/CVE-2025-38245"
},
{
"category": "external",
"summary": "SUSE Bug 1246193 for CVE-2025-38245",
"url": "https://bugzilla.suse.com/1246193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38245"
},
{
"cve": "CVE-2025-38251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: prevent NULL deref in clip_push()\n\nBlamed commit missed that vcc_destroy_socket() calls\nclip_push() with a NULL skb.\n\nIf clip_devs is NULL, clip_push() then crashes when reading\nskb-\u003etruesize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38251",
"url": "https://www.suse.com/security/cve/CVE-2025-38251"
},
{
"category": "external",
"summary": "SUSE Bug 1246181 for CVE-2025-38251",
"url": "https://bugzilla.suse.com/1246181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38251"
},
{
"cve": "CVE-2025-38360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add more checks for DSC / HUBP ONO guarantees\n\n[WHY]\nFor non-zero DSC instances it\u0027s possible that the HUBP domain required\nto drive it for sequential ONO ASICs isn\u0027t met, potentially causing\nthe logic to the tile to enter an undefined state leading to a system\nhang.\n\n[HOW]\nAdd more checks to ensure that the HUBP domain matching the DSC instance\nis appropriately powered.\n\n(cherry picked from commit da63df07112e5a9857a8d2aaa04255c4206754ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38360",
"url": "https://www.suse.com/security/cve/CVE-2025-38360"
},
{
"category": "external",
"summary": "SUSE Bug 1247078 for CVE-2025-38360",
"url": "https://bugzilla.suse.com/1247078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38360"
},
{
"cve": "CVE-2025-38439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38439"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0. This bug triggers this warning\non a system with IOMMU enabled:\n\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff \u003c0f\u003e 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n\u003cIRQ\u003e\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38439",
"url": "https://www.suse.com/security/cve/CVE-2025-38439"
},
{
"category": "external",
"summary": "SUSE Bug 1247155 for CVE-2025-38439",
"url": "https://bugzilla.suse.com/1247155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-38439"
},
{
"cve": "CVE-2025-38441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5742 [inline]\n __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n netif_receive_skb_internal net/core/dev.c:6176 [inline]\n netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xb4b/0x1580 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38441",
"url": "https://www.suse.com/security/cve/CVE-2025-38441"
},
{
"category": "external",
"summary": "SUSE Bug 1247167 for CVE-2025-38441",
"url": "https://bugzilla.suse.com/1247167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38441"
},
{
"cve": "CVE-2025-38444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38444"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38444",
"url": "https://www.suse.com/security/cve/CVE-2025-38444"
},
{
"category": "external",
"summary": "SUSE Bug 1247162 for CVE-2025-38444",
"url": "https://bugzilla.suse.com/1247162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38444"
},
{
"cve": "CVE-2025-38445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38445"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: Fix stack memory use after return in raid1_reshape\n\nIn the raid1_reshape function, newpool is\nallocated on the stack and assigned to conf-\u003er1bio_pool.\nThis results in conf-\u003er1bio_pool.wait.head pointing\nto a stack address.\nAccessing this address later can lead to a kernel panic.\n\nExample access path:\n\nraid1_reshape()\n{\n\t// newpool is on the stack\n\tmempool_t newpool, oldpool;\n\t// initialize newpool.wait.head to stack address\n\tmempool_init(\u0026newpool, ...);\n\tconf-\u003er1bio_pool = newpool;\n}\n\nraid1_read_request() or raid1_write_request()\n{\n\talloc_r1bio()\n\t{\n\t\tmempool_alloc()\n\t\t{\n\t\t\t// if pool-\u003ealloc fails\n\t\t\tremove_element()\n\t\t\t{\n\t\t\t\t--pool-\u003ecurr_nr;\n\t\t\t}\n\t\t}\n\t}\n}\n\nmempool_free()\n{\n\tif (pool-\u003ecurr_nr \u003c pool-\u003emin_nr) {\n\t\t// pool-\u003ewait.head is a stack address\n\t\t// wake_up() will try to access this invalid address\n\t\t// which leads to a kernel panic\n\t\treturn;\n\t\twake_up(\u0026pool-\u003ewait);\n\t}\n}\n\nFix:\nreinit conf-\u003er1bio_pool.wait after assigning newpool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38445",
"url": "https://www.suse.com/security/cve/CVE-2025-38445"
},
{
"category": "external",
"summary": "SUSE Bug 1247229 for CVE-2025-38445",
"url": "https://bugzilla.suse.com/1247229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38445"
},
{
"cve": "CVE-2025-38458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix NULL pointer dereference in vcc_sendmsg()\n\natmarpd_dev_ops does not implement the send method, which may cause crash\nas bellow.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0010 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246\nRAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000\nRDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000\nRBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287\nR10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00\nR13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88\nFS: 00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc50 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n ____sys_sendmsg+0x52d/0x830 net/socket.c:2566\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620\n __sys_sendmmsg+0x227/0x430 net/socket.c:2709\n __do_sys_sendmmsg net/socket.c:2736 [inline]\n __se_sys_sendmmsg net/socket.c:2733 [inline]\n __x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38458",
"url": "https://www.suse.com/security/cve/CVE-2025-38458"
},
{
"category": "external",
"summary": "SUSE Bug 1247116 for CVE-2025-38458",
"url": "https://bugzilla.suse.com/1247116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38458"
},
{
"cve": "CVE-2025-38459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38459"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet\u0027s prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38459",
"url": "https://www.suse.com/security/cve/CVE-2025-38459"
},
{
"category": "external",
"summary": "SUSE Bug 1247119 for CVE-2025-38459",
"url": "https://bugzilla.suse.com/1247119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38459"
},
{
"cve": "CVE-2025-38464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38464"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)-\u003etopsrv-\u003econn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast -\u003ekref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet\u0027s hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38464",
"url": "https://www.suse.com/security/cve/CVE-2025-38464"
},
{
"category": "external",
"summary": "SUSE Bug 1247112 for CVE-2025-38464",
"url": "https://bugzilla.suse.com/1247112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38464"
},
{
"cve": "CVE-2025-38472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38472"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack: fix crash due to removal of uninitialised entry\n\nA crash in conntrack was reported while trying to unlink the conntrack\nentry from the hash bucket list:\n [exception RIP: __nf_ct_delete_from_lists+172]\n [..]\n #7 [ff539b5a2b043aa0] nf_ct_delete at ffffffffc124d421 [nf_conntrack]\n #8 [ff539b5a2b043ad0] nf_ct_gc_expired at ffffffffc124d999 [nf_conntrack]\n #9 [ff539b5a2b043ae0] __nf_conntrack_find_get at ffffffffc124efbc [nf_conntrack]\n [..]\n\nThe nf_conn struct is marked as allocated from slab but appears to be in\na partially initialised state:\n\n ct hlist pointer is garbage; looks like the ct hash value\n (hence crash).\n ct-\u003estatus is equal to IPS_CONFIRMED|IPS_DYING, which is expected\n ct-\u003etimeout is 30000 (=30s), which is unexpected.\n\nEverything else looks like normal udp conntrack entry. If we ignore\nct-\u003estatus and pretend its 0, the entry matches those that are newly\nallocated but not yet inserted into the hash:\n - ct hlist pointers are overloaded and store/cache the raw tuple hash\n - ct-\u003etimeout matches the relative time expected for a new udp flow\n rather than the absolute \u0027jiffies\u0027 value.\n\nIf it were not for the presence of IPS_CONFIRMED,\n__nf_conntrack_find_get() would have skipped the entry.\n\nTheory is that we did hit following race:\n\ncpu x \t\t\tcpu y\t\t\tcpu z\n found entry E\t\tfound entry E\n E is expired\t\t\u003cpreemption\u003e\n nf_ct_delete()\n return E to rcu slab\n\t\t\t\t\tinit_conntrack\n\t\t\t\t\tE is re-inited,\n\t\t\t\t\tct-\u003estatus set to 0\n\t\t\t\t\treply tuplehash hnnode.pprev\n\t\t\t\t\tstores hash value.\n\ncpu y found E right before it was deleted on cpu x.\nE is now re-inited on cpu z. cpu y was preempted before\nchecking for expiry and/or confirm bit.\n\n\t\t\t\t\t-\u003erefcnt set to 1\n\t\t\t\t\tE now owned by skb\n\t\t\t\t\t-\u003etimeout set to 30000\n\nIf cpu y were to resume now, it would observe E as\nexpired but would skip E due to missing CONFIRMED bit.\n\n\t\t\t\t\tnf_conntrack_confirm gets called\n\t\t\t\t\tsets: ct-\u003estatus |= CONFIRMED\n\t\t\t\t\tThis is wrong: E is not yet added\n\t\t\t\t\tto hashtable.\n\ncpu y resumes, it observes E as expired but CONFIRMED:\n\t\t\t\u003cresumes\u003e\n\t\t\tnf_ct_expired()\n\t\t\t -\u003e yes (ct-\u003etimeout is 30s)\n\t\t\tconfirmed bit set.\n\ncpu y will try to delete E from the hashtable:\n\t\t\tnf_ct_delete() -\u003e set DYING bit\n\t\t\t__nf_ct_delete_from_lists\n\nEven this scenario doesn\u0027t guarantee a crash:\ncpu z still holds the table bucket lock(s) so y blocks:\n\n\t\t\twait for spinlock held by z\n\n\t\t\t\t\tCONFIRMED is set but there is no\n\t\t\t\t\tguarantee ct will be added to hash:\n\t\t\t\t\t\"chaintoolong\" or \"clash resolution\"\n\t\t\t\t\tlogic both skip the insert step.\n\t\t\t\t\treply hnnode.pprev still stores the\n\t\t\t\t\thash value.\n\n\t\t\t\t\tunlocks spinlock\n\t\t\t\t\treturn NF_DROP\n\t\t\t\u003cunblocks, then\n\t\t\t crashes on hlist_nulls_del_rcu pprev\u003e\n\nIn case CPU z does insert the entry into the hashtable, cpu y will unlink\nE again right away but no crash occurs.\n\nWithout \u0027cpu y\u0027 race, \u0027garbage\u0027 hlist is of no consequence:\nct refcnt remains at 1, eventually skb will be free\u0027d and E gets\ndestroyed via: nf_conntrack_put -\u003e nf_conntrack_destroy -\u003e nf_ct_destroy.\n\nTo resolve this, move the IPS_CONFIRMED assignment after the table\ninsertion but before the unlock.\n\nPablo points out that the confirm-bit-store could be reordered to happen\nbefore hlist add resp. the timeout fixup, so switch to set_bit and\nbefore_atomic memory barrier to prevent this.\n\nIt doesn\u0027t matter if other CPUs can observe a newly inserted entry right\nbefore the CONFIRMED bit was set:\n\nSuch event cannot be distinguished from above \"E is the old incarnation\"\ncase: the entry will be skipped.\n\nAlso change nf_ct_should_gc() to first check the confirmed bit.\n\nThe gc sequence is:\n 1. Check if entry has expired, if not skip to next entry\n 2. Obtain a reference to the expired entry.\n 3. Call nf_ct_should_gc() to double-check step 1.\n\nnf_ct_should_gc() is thus called only for entries that already failed an\nexpiry check. After this patch, once the confirmed bit check pas\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38472",
"url": "https://www.suse.com/security/cve/CVE-2025-38472"
},
{
"category": "external",
"summary": "SUSE Bug 1247313 for CVE-2025-38472",
"url": "https://bugzilla.suse.com/1247313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38472"
},
{
"cve": "CVE-2025-38490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. In the original\ncode, double free pages cause kernel panic:\n\n[ 876.949834] __irq_exit_rcu+0xc7/0x130\n[ 876.949836] common_interrupt+0xb8/0xd0\n[ 876.949838] \u003c/IRQ\u003e\n[ 876.949838] \u003cTASK\u003e\n[ 876.949840] asm_common_interrupt+0x22/0x40\n[ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[ 876.949852] ? cpuidle_enter_state+0xb3/0x420\n[ 876.949855] cpuidle_enter+0x29/0x40\n[ 876.949857] cpuidle_idle_call+0xfd/0x170\n[ 876.949859] do_idle+0x7a/0xc0\n[ 876.949861] cpu_startup_entry+0x25/0x30\n[ 876.949862] start_secondary+0x117/0x140\n[ 876.949864] common_startup_64+0x13e/0x148\n[ 876.949867] \u003c/TASK\u003e\n[ 876.949868] ---[ end trace 0000000000000000 ]---\n[ 876.949869] ------------[ cut here ]------------\n[ 876.949870] list_del corruption, ffffead40445a348-\u003enext is NULL\n[ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary)\n[ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff \u003c0f\u003e 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[ 876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38490",
"url": "https://www.suse.com/security/cve/CVE-2025-38490"
},
{
"category": "external",
"summary": "SUSE Bug 1247243 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247243"
},
{
"category": "external",
"summary": "SUSE Bug 1247384 for CVE-2025-38490",
"url": "https://bugzilla.suse.com/1247384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38490"
},
{
"cve": "CVE-2025-38491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: make fallback action and fallback decision atomic\n\nSyzkaller reported the following splat:\n\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 check_fully_established net/mptcp/options.c:982 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Modules linked in:\n CPU: 1 UID: 0 PID: 7704 Comm: syz.3.1419 Not tainted 6.16.0-rc3-gbd5ce2324dba #20 PREEMPT(voluntary)\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:__mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n RIP: 0010:mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n RIP: 0010:check_fully_established net/mptcp/options.c:982 [inline]\n RIP: 0010:mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Code: 24 18 e8 bb 2a 00 fd e9 1b df ff ff e8 b1 21 0f 00 e8 ec 5f c4 fc 44 0f b7 ac 24 b0 00 00 00 e9 54 f1 ff ff e8 d9 5f c4 fc 90 \u003c0f\u003e 0b 90 e9 b8 f4 ff ff e8 8b 2a 00 fd e9 8d e6 ff ff e8 81 2a 00\n RSP: 0018:ffff8880a3f08448 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff8880180a8000 RCX: ffffffff84afcf45\n RDX: ffff888090223700 RSI: ffffffff84afdaa7 RDI: 0000000000000001\n RBP: ffff888017955780 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff8880180a8910 R14: ffff8880a3e9d058 R15: 0000000000000000\n FS: 00005555791b8500(0000) GS:ffff88811c495000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000110c2800b7 CR3: 0000000058e44000 CR4: 0000000000350ef0\n Call Trace:\n \u003cIRQ\u003e\n tcp_reset+0x26f/0x2b0 net/ipv4/tcp_input.c:4432\n tcp_validate_incoming+0x1057/0x1b60 net/ipv4/tcp_input.c:5975\n tcp_rcv_established+0x5b5/0x21f0 net/ipv4/tcp_input.c:6166\n tcp_v4_do_rcv+0x5dc/0xa70 net/ipv4/tcp_ipv4.c:1925\n tcp_v4_rcv+0x3473/0x44a0 net/ipv4/tcp_ipv4.c:2363\n ip_protocol_deliver_rcu+0xba/0x480 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2f1/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_local_deliver+0x1be/0x560 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:469 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:447 [inline]\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_rcv+0x514/0x810 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5975\n __netif_receive_skb+0x1f/0x120 net/core/dev.c:6088\n process_backlog+0x301/0x1360 net/core/dev.c:6440\n __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7453\n napi_poll net/core/dev.c:7517 [inline]\n net_rx_action+0xb44/0x1010 net/core/dev.c:7644\n handle_softirqs+0x1d0/0x770 kernel/softirq.c:579\n do_softirq+0x3f/0x90 kernel/softirq.c:480\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:407\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n inet_csk_listen_stop+0x2c5/0x1070 net/ipv4/inet_connection_sock.c:1524\n mptcp_check_listen_stop.part.0+0x1cc/0x220 net/mptcp/protocol.c:2985\n mptcp_check_listen_stop net/mptcp/mib.h:118 [inline]\n __mptcp_close+0x9b9/0xbd0 net/mptcp/protocol.c:3000\n mptcp_close+0x2f/0x140 net/mptcp/protocol.c:3066\n inet_release+0xed/0x200 net/ipv4/af_inet.c:435\n inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:487\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x402/0xb70 fs/file_table.c:465\n task_work_run+0x150/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xd4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38491",
"url": "https://www.suse.com/security/cve/CVE-2025-38491"
},
{
"category": "external",
"summary": "SUSE Bug 1247280 for CVE-2025-38491",
"url": "https://bugzilla.suse.com/1247280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38491"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn\u0027t look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net-\u003exfrmi hash, but since it also exists in the\nxfrmi_net-\u003ecollect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[ 8.516540] kernel BUG at net/core/dev.c:12029!\n[ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 8.516569] Workqueue: netns cleanup_net\n[ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 \u003c0f\u003e 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[ 8.516625] PKRU: 55555554\n[ 8.516627] Call Trace:\n[ 8.516632] \u003cTASK\u003e\n[ 8.516635] ? rtnl_is_locked+0x15/0x20\n[ 8.516641] ? unregister_netdevice_queue+0x29/0xf0\n[ 8.516650] ops_undo_list+0x1f2/0x220\n[ 8.516659] cleanup_net+0x1ad/0x2e0\n[ 8.516664] process_one_work+0x160/0x380\n[ 8.516673] worker_thread+0x2aa/0x3c0\n[ 8.516679] ? __pfx_worker_thread+0x10/0x10\n[ 8.516686] kthread+0xfb/0x200\n[ 8.516690] ? __pfx_kthread+0x10/0x10\n[ 8.516693] ? __pfx_kthread+0x10/0x10\n[ 8.516697] ret_from_fork+0x82/0xf0\n[ 8.516705] ? __pfx_kthread+0x10/0x10\n[ 8.516709] ret_from_fork_asm+0x1a/0x30\n[ 8.516718] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38500",
"url": "https://www.suse.com/security/cve/CVE-2025-38500"
},
{
"category": "external",
"summary": "SUSE Bug 1248088 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248088"
},
{
"category": "external",
"summary": "SUSE Bug 1248672 for CVE-2025-38500",
"url": "https://bugzilla.suse.com/1248672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38500"
},
{
"cve": "CVE-2025-38503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n BTRFS info (device loop0 state M): rebuilding free space tree\n assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1102!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Modules linked in:\n CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n sp : ffff8000a4ce7600\n x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n Call trace:\n populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n btrfs_remount_rw fs/btrfs/super.c:1319 [inline]\n btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n do_remount fs/namespace.c:3365 [inline]\n path_mount+0xb34/0xde0 fs/namespace.c:4200\n do_mount fs/namespace.c:4221 [inline]\n __do_sys_mount fs/namespace.c:4432 [inline]\n __se_sys_mount fs/namespace.c:4409 [inline]\n __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting \u0027ret\u0027 is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it\u0027s stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case \u0027ret\u0027 is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking \u0027ret == 0\u0027 as the while loop\u0027s condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38503",
"url": "https://www.suse.com/security/cve/CVE-2025-38503"
},
{
"category": "external",
"summary": "SUSE Bug 1248183 for CVE-2025-38503",
"url": "https://bugzilla.suse.com/1248183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38503"
},
{
"cve": "CVE-2025-38506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Allow CPU to reschedule while setting per-page memory attributes\n\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\nthe host can experience CPU soft lockups when running an operation in\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\nrange of guest memory.\n\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\nRIP: 0010:xas_create+0x78/0x1f0\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n xas_store+0x58/0x630\n __xa_store+0xa5/0x130\n xa_store+0x2c/0x50\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\n kvm_vm_ioctl+0x796/0xab0 [kvm]\n __x64_sys_ioctl+0xa3/0xd0\n do_syscall_64+0x8c/0x7a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f5578d031bb\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\n\nWhile looping through the range of memory setting the attributes,\ncall cond_resched() to give the scheduler a chance to run a higher\npriority task on the runqueue if necessary and avoid staying in\nkernel mode long enough to trigger the lockup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38506",
"url": "https://www.suse.com/security/cve/CVE-2025-38506"
},
{
"category": "external",
"summary": "SUSE Bug 1248186 for CVE-2025-38506",
"url": "https://bugzilla.suse.com/1248186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-38506"
},
{
"cve": "CVE-2025-38510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: remove kasan_find_vm_area() to prevent possible deadlock\n\nfind_vm_area() couldn\u0027t be called in atomic_context. If find_vm_area() is\ncalled to reports vm area information, kasan can trigger deadlock like:\n\nCPU0 CPU1\nvmalloc();\n alloc_vmap_area();\n spin_lock(\u0026vn-\u003ebusy.lock)\n spin_lock_bh(\u0026some_lock);\n \u003cinterrupt occurs\u003e\n \u003cin softirq\u003e\n spin_lock(\u0026some_lock);\n \u003caccess invalid address\u003e\n kasan_report();\n print_report();\n print_address_description();\n kasan_find_vm_area();\n find_vm_area();\n spin_lock(\u0026vn-\u003ebusy.lock) // deadlock!\n\nTo prevent possible deadlock while kasan reports, remove kasan_find_vm_area().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38510",
"url": "https://www.suse.com/security/cve/CVE-2025-38510"
},
{
"category": "external",
"summary": "SUSE Bug 1248166 for CVE-2025-38510",
"url": "https://bugzilla.suse.com/1248166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38510"
},
{
"cve": "CVE-2025-38512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38512"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38512",
"url": "https://www.suse.com/security/cve/CVE-2025-38512"
},
{
"category": "external",
"summary": "SUSE Bug 1248178 for CVE-2025-38512",
"url": "https://bugzilla.suse.com/1248178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38512"
},
{
"cve": "CVE-2025-38513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38513"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\n\nThere is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For\nexample, the following is possible:\n\n \tT0\t\t\t \t\tT1\nzd_mac_tx_to_dev()\n /* len == skb_queue_len(q) */\n while (len \u003e ZD_MAC_MAX_ACK_WAITERS) {\n\n\t\t\t\t\t filter_ack()\n\t\t\t\t\t spin_lock_irqsave(\u0026q-\u003elock, flags);\n\t\t\t\t\t /* position == skb_queue_len(q) */\n\t\t\t\t\t for (i=1; i\u003cposition; i++)\n\t\t\t\t \t skb = __skb_dequeue(q)\n\n\t\t\t\t\t if (mac-\u003etype == NL80211_IFTYPE_AP)\n\t\t\t\t\t skb = __skb_dequeue(q);\n\t\t\t\t\t spin_unlock_irqrestore(\u0026q-\u003elock, flags);\n\n skb_dequeue() -\u003e NULL\n\nSince there is a small gap between checking skb queue length and skb being\nunconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.\nThen the pointer is passed to zd_mac_tx_status() where it is dereferenced.\n\nIn order to avoid potential NULL pointer dereference due to situations like\nabove, check if skb is not NULL before passing it to zd_mac_tx_status().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38513",
"url": "https://www.suse.com/security/cve/CVE-2025-38513"
},
{
"category": "external",
"summary": "SUSE Bug 1248179 for CVE-2025-38513",
"url": "https://bugzilla.suse.com/1248179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38513"
},
{
"cve": "CVE-2025-38515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38515"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Increment job count before swapping tail spsc queue\n\nA small race exists between spsc_queue_push and the run-job worker, in\nwhich spsc_queue_push may return not-first while the run-job worker has\nalready idled due to the job count being zero. If this race occurs, job\nscheduling stops, leading to hangs while waiting on the job\u0027s DMA\nfences.\n\nSeal this race by incrementing the job count before appending to the\nSPSC queue.\n\nThis race was observed on a drm-tip 6.16-rc1 build with the Xe driver in\nan SVM test case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38515",
"url": "https://www.suse.com/security/cve/CVE-2025-38515"
},
{
"category": "external",
"summary": "SUSE Bug 1248212 for CVE-2025-38515",
"url": "https://bugzilla.suse.com/1248212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38515"
},
{
"cve": "CVE-2025-38516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38516"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: msm: mark certain pins as invalid for interrupts\n\nOn some platforms, the UFS-reset pin has no interrupt logic in TLMM but\nis nevertheless registered as a GPIO in the kernel. This enables the\nuser-space to trigger a BUG() in the pinctrl-msm driver by running, for\nexample: `gpiomon -c 0 113` on RB2.\n\nThe exact culprit is requesting pins whose intr_detection_width setting\nis not 1 or 2 for interrupts. This hits a BUG() in\nmsm_gpio_irq_set_type(). Potentially crashing the kernel due to an\ninvalid request from user-space is not optimal, so let\u0027s go through the\npins and mark those that would fail the check as invalid for the irq chip\nas we should not even register them as available irqs.\n\nThis function can be extended if we determine that there are more\ncorner-cases like this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38516",
"url": "https://www.suse.com/security/cve/CVE-2025-38516"
},
{
"category": "external",
"summary": "SUSE Bug 1248209 for CVE-2025-38516",
"url": "https://bugzilla.suse.com/1248209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38516"
},
{
"cve": "CVE-2025-38520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38520"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Don\u0027t call mmput from MMU notifier callback\n\nIf the process is exiting, the mmput inside mmu notifier callback from\ncompactd or fork or numa balancing could release the last reference\nof mm struct to call exit_mmap and free_pgtable, this triggers deadlock\nwith below backtrace.\n\nThe deadlock will leak kfd process as mmu notifier release is not called\nand cause VRAM leaking.\n\nThe fix is to take mm reference mmget_non_zero when adding prange to the\ndeferred list to pair with mmput in deferred list work.\n\nIf prange split and add into pchild list, the pchild work_item.mm is not\nused, so remove the mm parameter from svm_range_unmap_split and\nsvm_range_add_child.\n\nThe backtrace of hung task:\n\n INFO: task python:348105 blocked for more than 64512 seconds.\n Call Trace:\n __schedule+0x1c3/0x550\n schedule+0x46/0xb0\n rwsem_down_write_slowpath+0x24b/0x4c0\n unlink_anon_vmas+0xb1/0x1c0\n free_pgtables+0xa9/0x130\n exit_mmap+0xbc/0x1a0\n mmput+0x5a/0x140\n svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu]\n mn_itree_invalidate+0x72/0xc0\n __mmu_notifier_invalidate_range_start+0x48/0x60\n try_to_unmap_one+0x10fa/0x1400\n rmap_walk_anon+0x196/0x460\n try_to_unmap+0xbb/0x210\n migrate_page_unmap+0x54d/0x7e0\n migrate_pages_batch+0x1c3/0xae0\n migrate_pages_sync+0x98/0x240\n migrate_pages+0x25c/0x520\n compact_zone+0x29d/0x590\n compact_zone_order+0xb6/0xf0\n try_to_compact_pages+0xbe/0x220\n __alloc_pages_direct_compact+0x96/0x1a0\n __alloc_pages_slowpath+0x410/0x930\n __alloc_pages_nodemask+0x3a9/0x3e0\n do_huge_pmd_anonymous_page+0xd7/0x3e0\n __handle_mm_fault+0x5e3/0x5f0\n handle_mm_fault+0xf7/0x2e0\n hmm_vma_fault.isra.0+0x4d/0xa0\n walk_pmd_range.isra.0+0xa8/0x310\n walk_pud_range+0x167/0x240\n walk_pgd_range+0x55/0x100\n __walk_page_range+0x87/0x90\n walk_page_range+0xf6/0x160\n hmm_range_fault+0x4f/0x90\n amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu]\n amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu]\n init_user_pages+0xb1/0x2a0 [amdgpu]\n amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu]\n kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu]\n kfd_ioctl+0x29d/0x500 [amdgpu]\n\n(cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38520",
"url": "https://www.suse.com/security/cve/CVE-2025-38520"
},
{
"category": "external",
"summary": "SUSE Bug 1248217 for CVE-2025-38520",
"url": "https://bugzilla.suse.com/1248217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38520"
},
{
"cve": "CVE-2025-38524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38524"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recv-recv race of completed call\n\nIf a call receives an event (such as incoming data), the call gets placed\non the socket\u0027s queue and a thread in recvmsg can be awakened to go and\nprocess it. Once the thread has picked up the call off of the queue,\nfurther events will cause it to be requeued, and once the socket lock is\ndropped (recvmsg uses call-\u003euser_mutex to allow the socket to be used in\nparallel), a second thread can come in and its recvmsg can pop the call off\nthe socket queue again.\n\nIn such a case, the first thread will be receiving stuff from the call and\nthe second thread will be blocked on call-\u003euser_mutex. The first thread\ncan, at this point, process both the event that it picked call for and the\nevent that the second thread picked the call for and may see the call\nterminate - in which case the call will be \"released\", decoupling the call\nfrom the user call ID assigned to it (RXRPC_USER_CALL_ID in the control\nmessage).\n\nThe first thread will return okay, but then the second thread will wake up\nholding the user_mutex and, if it sees that the call has been released by\nthe first thread, it will BUG thusly:\n\n\tkernel BUG at net/rxrpc/recvmsg.c:474!\n\nFix this by just dequeuing the call and ignoring it if it is seen to be\nalready released. We can\u0027t tell userspace about it anyway as the user call\nID has become stale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38524",
"url": "https://www.suse.com/security/cve/CVE-2025-38524"
},
{
"category": "external",
"summary": "SUSE Bug 1248194 for CVE-2025-38524",
"url": "https://bugzilla.suse.com/1248194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38524"
},
{
"cve": "CVE-2025-38528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject %p% format string in bprintf-like helpers\n\nstatic const char fmt[] = \"%p%\";\n bpf_trace_printk(fmt, sizeof(fmt));\n\nThe above BPF program isn\u0027t rejected and causes a kernel warning at\nruntime:\n\n Please remove unsupported %\\x00 in format string\n WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0\n\nThis happens because bpf_bprintf_prepare skips over the second %,\ndetected as punctuation, while processing %p. This patch fixes it by\nnot skipping over punctuation. %\\x00 is then processed in the next\niteration and rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38528",
"url": "https://www.suse.com/security/cve/CVE-2025-38528"
},
{
"category": "external",
"summary": "SUSE Bug 1248198 for CVE-2025-38528",
"url": "https://bugzilla.suse.com/1248198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38528"
},
{
"cve": "CVE-2025-38529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38529"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: aio_iiro_16: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38529",
"url": "https://www.suse.com/security/cve/CVE-2025-38529"
},
{
"category": "external",
"summary": "SUSE Bug 1248196 for CVE-2025-38529",
"url": "https://bugzilla.suse.com/1248196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38529"
},
{
"cve": "CVE-2025-38530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38530"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl812: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 board-\u003eirq_bits) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38530",
"url": "https://www.suse.com/security/cve/CVE-2025-38530"
},
{
"category": "external",
"summary": "SUSE Bug 1248206 for CVE-2025-38530",
"url": "https://bugzilla.suse.com/1248206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38530"
},
{
"cve": "CVE-2025-38531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38531"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions \u0026indio_dev-\u003edev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don\u0027t seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38531",
"url": "https://www.suse.com/security/cve/CVE-2025-38531"
},
{
"category": "external",
"summary": "SUSE Bug 1248205 for CVE-2025-38531",
"url": "https://bugzilla.suse.com/1248205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38531"
},
{
"cve": "CVE-2025-38535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38535"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode\n\nWhen transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code\nassumed that the regulator should be disabled. However, if the regulator\nis marked as always-on, regulator_is_enabled() continues to return true,\nleading to an incorrect attempt to disable a regulator which is not\nenabled.\n\nThis can result in warnings such as:\n\n[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004\n_regulator_disable+0xe4/0x1a0\n[ 250.155652] unbalanced disables for VIN_SYS_5V0\n\nTo fix this, we move the regulator control logic into\ntegra186_xusb_padctl_id_override() function since it\u0027s directly related\nto the ID override state. The regulator is now only disabled when the role\ntransitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID\nregister. This ensures that regulator enable/disable operations are\nproperly balanced and only occur when actually transitioning to/from host\nmode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38535",
"url": "https://www.suse.com/security/cve/CVE-2025-38535"
},
{
"category": "external",
"summary": "SUSE Bug 1248240 for CVE-2025-38535",
"url": "https://bugzilla.suse.com/1248240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38535"
},
{
"cve": "CVE-2025-38537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38537"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don\u0027t register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY\u0027s ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn\u0027t\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n ...\n phy_detach()\n phy_remove()\n phy_leds_unregister()\n led_classdev_unregister()\n led_trigger_set()\n netdev_trigger_deactivate()\n unregister_netdevice_notifier()\n rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don\u0027t bother registering\nthem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38537",
"url": "https://www.suse.com/security/cve/CVE-2025-38537"
},
{
"category": "external",
"summary": "SUSE Bug 1248229 for CVE-2025-38537",
"url": "https://bugzilla.suse.com/1248229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38537"
},
{
"cve": "CVE-2025-38538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: nbpfaxi: Fix memory corruption in probe()\n\nThe nbpf-\u003echan[] array is allocated earlier in the nbpf_probe() function\nand it has \"num_channels\" elements. These three loops iterate one\nelement farther than they should and corrupt memory.\n\nThe changes to the second loop are more involved. In this case, we\u0027re\ncopying data from the irqbuf[] array into the nbpf-\u003echan[] array. If\nthe data in irqbuf[i] is the error IRQ then we skip it, so the iterators\nare not in sync. I added a check to ensure that we don\u0027t go beyond the\nend of the irqbuf[] array. I\u0027m pretty sure this can\u0027t happen, but it\nseemed harmless to add a check.\n\nOn the other hand, after the loop has ended there is a check to ensure\nthat the \"chan\" iterator is where we expect it to be. In the original\ncode we went one element beyond the end of the array so the iterator\nwasn\u0027t in the correct place and it would always return -EINVAL. However,\nnow it will always be in the correct place. I deleted the check since\nwe know the result.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38538",
"url": "https://www.suse.com/security/cve/CVE-2025-38538"
},
{
"category": "external",
"summary": "SUSE Bug 1248213 for CVE-2025-38538",
"url": "https://bugzilla.suse.com/1248213"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38538"
},
{
"cve": "CVE-2025-38540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras\n\nThe Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 \u0026 04F2:B82C)\nreport a HID sensor interface that is not actually implemented.\nAttempting to access this non-functional sensor via iio_info causes\nsystem hangs as runtime PM tries to wake up an unresponsive sensor.\n\nAdd these 2 devices to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38540",
"url": "https://www.suse.com/security/cve/CVE-2025-38540"
},
{
"category": "external",
"summary": "SUSE Bug 1248208 for CVE-2025-38540",
"url": "https://bugzilla.suse.com/1248208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38540"
},
{
"cve": "CVE-2025-38541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()\n\ndevm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38541",
"url": "https://www.suse.com/security/cve/CVE-2025-38541"
},
{
"category": "external",
"summary": "SUSE Bug 1248216 for CVE-2025-38541",
"url": "https://bugzilla.suse.com/1248216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38541"
},
{
"cve": "CVE-2025-38543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: nvdec: Fix dma_alloc_coherent error check\n\nCheck for NULL return value with dma_alloc_coherent, in line with\nRobin\u0027s fix for vic.c in \u0027drm/tegra: vic: Fix DMA API misuse\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38543",
"url": "https://www.suse.com/security/cve/CVE-2025-38543"
},
{
"category": "external",
"summary": "SUSE Bug 1248214 for CVE-2025-38543",
"url": "https://bugzilla.suse.com/1248214"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38543"
},
{
"cve": "CVE-2025-38546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in memory leak.\n\nLet\u0027s serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38546",
"url": "https://www.suse.com/security/cve/CVE-2025-38546"
},
{
"category": "external",
"summary": "SUSE Bug 1248223 for CVE-2025-38546",
"url": "https://bugzilla.suse.com/1248223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38546"
},
{
"cve": "CVE-2025-38548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (corsair-cpro) Validate the size of the received input buffer\n\nAdd buffer_recv_size to store the size of the received bytes.\nValidate buffer_recv_size in send_usb_cmd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38548",
"url": "https://www.suse.com/security/cve/CVE-2025-38548"
},
{
"category": "external",
"summary": "SUSE Bug 1248228 for CVE-2025-38548",
"url": "https://bugzilla.suse.com/1248228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38548"
},
{
"cve": "CVE-2025-38550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec()\n\npmc-\u003eidev is still used in ip6_mc_clear_src(), so as mld_clear_delrec()\ndoes, the reference should be put after ip6_mc_clear_src() return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38550",
"url": "https://www.suse.com/security/cve/CVE-2025-38550"
},
{
"category": "external",
"summary": "SUSE Bug 1248227 for CVE-2025-38550",
"url": "https://bugzilla.suse.com/1248227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38550"
},
{
"cve": "CVE-2025-38553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Restrict conditions for adding duplicating netems to qdisc tree\n\nnetem_enqueue\u0027s duplication prevention logic breaks when a netem\nresides in a qdisc tree with other netems - this can lead to a\nsoft lockup and OOM loop in netem_dequeue, as seen in [1].\nEnsure that a duplicating netem cannot exist in a tree with other\nnetems.\n\nPrevious approaches suggested in discussions in chronological order:\n\n1) Track duplication status or ttl in the sk_buff struct. Considered\ntoo specific a use case to extend such a struct, though this would\nbe a resilient fix and address other previous and potential future\nDOS bugs like the one described in loopy fun [2].\n\n2) Restrict netem_enqueue recursion depth like in act_mirred with a\nper cpu variable. However, netem_dequeue can call enqueue on its\nchild, and the depth restriction could be bypassed if the child is a\nnetem.\n\n3) Use the same approach as in 2, but add metadata in netem_skb_cb\nto handle the netem_dequeue case and track a packet\u0027s involvement\nin duplication. This is an overly complex approach, and Jamal\nnotes that the skb cb can be overwritten to circumvent this\nsafeguard.\n\n4) Prevent the addition of a netem to a qdisc tree if its ancestral\npath contains a netem. However, filters and actions can cause a\npacket to change paths when re-enqueued to the root from netem\nduplication, leading us to the current solution: prevent a\nduplicating netem from inhabiting the same tree as other netems.\n\n[1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/\n[2] https://lwn.net/Articles/719297/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38553",
"url": "https://www.suse.com/security/cve/CVE-2025-38553"
},
{
"category": "external",
"summary": "SUSE Bug 1248255 for CVE-2025-38553",
"url": "https://bugzilla.suse.com/1248255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38553"
},
{
"cve": "CVE-2025-38555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38555",
"url": "https://www.suse.com/security/cve/CVE-2025-38555"
},
{
"category": "external",
"summary": "SUSE Bug 1248297 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "external",
"summary": "SUSE Bug 1248298 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38555"
},
{
"cve": "CVE-2025-38560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Evict cache lines during SNP memory validation\n\nAn SNP cache coherency vulnerability requires a cache line eviction\nmitigation when validating memory after a page state change to private.\nThe specific mitigation is to touch the first and last byte of each 4K\npage that is being validated. There is no need to perform the mitigation\nwhen performing a page state change to shared and rescinding validation.\n\nCPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit\nthat, when set, indicates that the software mitigation for this\nvulnerability is not needed.\n\nImplement the mitigation and invoke it when validating memory (making it\nprivate) and the COHERENCY_SFW_NO bit is not set, indicating the SNP\nguest is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38560",
"url": "https://www.suse.com/security/cve/CVE-2025-38560"
},
{
"category": "external",
"summary": "SUSE Bug 1248312 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "external",
"summary": "SUSE Bug 1248313 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38560"
},
{
"cve": "CVE-2025-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Prevent VMA split of buffer mappings\n\nThe perf mmap code is careful about mmap()\u0027ing the user page with the\nringbuffer and additionally the auxiliary buffer, when the event supports\nit. Once the first mapping is established, subsequent mapping have to use\nthe same offset and the same size in both cases. The reference counting for\nthe ringbuffer and the auxiliary buffer depends on this being correct.\n\nThough perf does not prevent that a related mapping is split via mmap(2),\nmunmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,\nwhich take reference counts, but then the subsequent perf_mmap_close()\ncalls are not longer fulfilling the offset and size checks. This leads to\nreference count leaks.\n\nAs perf already has the requirement for subsequent mappings to match the\ninitial mapping, the obvious consequence is that VMA splits, caused by\nresizing of a mapping or partial unmapping, have to be prevented.\n\nImplement the vm_operations_struct::may_split() callback and return\nunconditionally -EINVAL.\n\nThat ensures that the mapping offsets and sizes cannot be changed after the\nfact. Remapping to a different fixed address with the same size is still\npossible as it takes the references for the new mapping and drops those of\nthe old mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38563",
"url": "https://www.suse.com/security/cve/CVE-2025-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1248306 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "external",
"summary": "SUSE Bug 1248307 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38563"
},
{
"cve": "CVE-2025-38565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38565"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Exit early on perf_mmap() fail\n\nWhen perf_mmap() fails to allocate a buffer, it still invokes the\nevent_mapped() callback of the related event. On X86 this might increase\nthe perf_rdpmc_allowed reference counter. But nothing undoes this as\nperf_mmap_close() is never called in this case, which causes another\nreference count leak.\n\nReturn early on failure to prevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38565",
"url": "https://www.suse.com/security/cve/CVE-2025-38565"
},
{
"category": "external",
"summary": "SUSE Bug 1248377 for CVE-2025-38565",
"url": "https://bugzilla.suse.com/1248377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-38565"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: mqprio: fix stack out-of-bounds write in tc entry parsing\n\nTCA_MQPRIO_TC_ENTRY_INDEX is validated using\nNLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value\nTC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack\nwrite in the fp[] array, which only has room for 16 elements (0-15).\n\nFix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38568",
"url": "https://www.suse.com/security/cve/CVE-2025-38568"
},
{
"category": "external",
"summary": "SUSE Bug 1248386 for CVE-2025-38568",
"url": "https://bugzilla.suse.com/1248386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38568"
},
{
"cve": "CVE-2025-38571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix client side handling of tls alerts\n\nA security exploit was discovered in NFS over TLS in tls_alert_recv\ndue to its assumption that there is valid data in the msghdr\u0027s\niterator\u0027s kvec.\n\nInstead, this patch proposes the rework how control messages are\nsetup and used by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a kvec\nbacked control buffer and read in the control message such as a TLS\nalert. Scott found that a msg iterator can advance the kvec pointer\nas a part of the copy process thus we need to revert the iterator\nbefore calling into the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38571",
"url": "https://www.suse.com/security/cve/CVE-2025-38571"
},
{
"category": "external",
"summary": "SUSE Bug 1248401 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248401"
},
{
"category": "external",
"summary": "SUSE Bug 1248402 for CVE-2025-38571",
"url": "https://bugzilla.suse.com/1248402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38571"
},
{
"cve": "CVE-2025-38572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb-\u003etransport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \u003cTASK\u003e\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38572",
"url": "https://www.suse.com/security/cve/CVE-2025-38572"
},
{
"category": "external",
"summary": "SUSE Bug 1248399 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248399"
},
{
"category": "external",
"summary": "SUSE Bug 1248400 for CVE-2025-38572",
"url": "https://bugzilla.suse.com/1248400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38572"
},
{
"cve": "CVE-2025-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: Make EEH driver device hotplug safe\n\nMultiple race conditions existed between the PCIe hotplug driver and the\nEEH driver, leading to a variety of kernel oopses of the same general\nnature:\n\n\u003cpcie device unplug\u003e\n\u003ceeh driver trigger\u003e\n\u003chotplug removal trigger\u003e\n\u003cpcie tree reconfiguration\u003e\n\u003ceeh recovery next step\u003e\n\u003coops in EEH driver bus iteration loop\u003e\n\nA second class of oops is also seen when the underlying bus disappears\nduring device recovery.\n\nRefactor the EEH module to be PCI rescan and remove safe. Also clean\nup a few minor formatting / readability issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38576",
"url": "https://www.suse.com/security/cve/CVE-2025-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1248354 for CVE-2025-38576",
"url": "https://bugzilla.suse.com/1248354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38576"
},
{
"cve": "CVE-2025-38581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix crash when rebind ccp device for ccp.ko\n\nWhen CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding\nthe ccp device causes the following crash:\n\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/unbind\n$ echo \u00270000:0a:00.2\u0027 \u003e /sys/bus/pci/drivers/ccp/bind\n\n[ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 204.978026] #PF: supervisor write access in kernel mode\n[ 204.979126] #PF: error_code(0x0002) - not-present page\n[ 204.980226] PGD 0 P4D 0\n[ 204.981317] Oops: Oops: 0002 [#1] SMP NOPTI\n...\n[ 204.997852] Call Trace:\n[ 204.999074] \u003cTASK\u003e\n[ 205.000297] start_creating+0x9f/0x1c0\n[ 205.001533] debugfs_create_dir+0x1f/0x170\n[ 205.002769] ? srso_return_thunk+0x5/0x5f\n[ 205.004000] ccp5_debugfs_setup+0x87/0x170 [ccp]\n[ 205.005241] ccp5_init+0x8b2/0x960 [ccp]\n[ 205.006469] ccp_dev_init+0xd4/0x150 [ccp]\n[ 205.007709] sp_init+0x5f/0x80 [ccp]\n[ 205.008942] sp_pci_probe+0x283/0x2e0 [ccp]\n[ 205.010165] ? srso_return_thunk+0x5/0x5f\n[ 205.011376] local_pci_probe+0x4f/0xb0\n[ 205.012584] pci_device_probe+0xdb/0x230\n[ 205.013810] really_probe+0xed/0x380\n[ 205.015024] __driver_probe_device+0x7e/0x160\n[ 205.016240] device_driver_attach+0x2f/0x60\n[ 205.017457] bind_store+0x7c/0xb0\n[ 205.018663] drv_attr_store+0x28/0x40\n[ 205.019868] sysfs_kf_write+0x5f/0x70\n[ 205.021065] kernfs_fop_write_iter+0x145/0x1d0\n[ 205.022267] vfs_write+0x308/0x440\n[ 205.023453] ksys_write+0x6d/0xe0\n[ 205.024616] __x64_sys_write+0x1e/0x30\n[ 205.025778] x64_sys_call+0x16ba/0x2150\n[ 205.026942] do_syscall_64+0x56/0x1e0\n[ 205.028108] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 205.029276] RIP: 0033:0x7fbc36f10104\n[ 205.030420] Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 e1 08 2e 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5\n\nThis patch sets ccp_debugfs_dir to NULL after destroying it in\nccp5_debugfs_destroy, allowing the directory dentry to be\nrecreated when rebinding the ccp device.\n\nTested on AMD Ryzen 7 1700X.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38581",
"url": "https://www.suse.com/security/cve/CVE-2025-38581"
},
{
"category": "external",
"summary": "SUSE Bug 1248345 for CVE-2025-38581",
"url": "https://bugzilla.suse.com/1248345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38581"
},
{
"cve": "CVE-2025-38582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix double destruction of rsv_qp\n\nrsv_qp may be double destroyed in error flow, first in free_mr_init(),\nand then in hns_roce_exit(). Fix it by moving the free_mr_init() call\ninto hns_roce_v2_init().\n\nlist_del corruption, ffff589732eb9b50-\u003enext is LIST_POISON1 (dead000000000100)\nWARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240\n...\nCall trace:\n __list_del_entry_valid+0x148/0x240\n hns_roce_qp_remove+0x4c/0x3f0 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp_common+0x1dc/0x5f4 [hns_roce_hw_v2]\n hns_roce_v2_destroy_qp+0x22c/0x46c [hns_roce_hw_v2]\n free_mr_exit+0x6c/0x120 [hns_roce_hw_v2]\n hns_roce_v2_exit+0x170/0x200 [hns_roce_hw_v2]\n hns_roce_exit+0x118/0x350 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x1c8/0x304 [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify_init+0x170/0x21c [hns_roce_hw_v2]\n hns_roce_hw_v2_reset_notify+0x6c/0x190 [hns_roce_hw_v2]\n hclge_notify_roce_client+0x6c/0x160 [hclge]\n hclge_reset_rebuild+0x150/0x5c0 [hclge]\n hclge_reset+0x10c/0x140 [hclge]\n hclge_reset_subtask+0x80/0x104 [hclge]\n hclge_reset_service_task+0x168/0x3ac [hclge]\n hclge_service_task+0x50/0x100 [hclge]\n process_one_work+0x250/0x9a0\n worker_thread+0x324/0x990\n kthread+0x190/0x210\n ret_from_fork+0x10/0x18",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38582",
"url": "https://www.suse.com/security/cve/CVE-2025-38582"
},
{
"category": "external",
"summary": "SUSE Bug 1248349 for CVE-2025-38582",
"url": "https://bugzilla.suse.com/1248349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38582"
},
{
"cve": "CVE-2025-38583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: xilinx: vcu: unregister pll_post only if registered correctly\n\nIf registration of pll_post is failed, it will be set to NULL or ERR,\nunregistering same will fail with following call trace:\n\nUnable to handle kernel NULL pointer dereference at virtual address 008\npc : clk_hw_unregister+0xc/0x20\nlr : clk_hw_unregister_fixed_factor+0x18/0x30\nsp : ffff800011923850\n...\nCall trace:\n clk_hw_unregister+0xc/0x20\n clk_hw_unregister_fixed_factor+0x18/0x30\n xvcu_unregister_clock_provider+0xcc/0xf4 [xlnx_vcu]\n xvcu_probe+0x2bc/0x53c [xlnx_vcu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38583",
"url": "https://www.suse.com/security/cve/CVE-2025-38583"
},
{
"category": "external",
"summary": "SUSE Bug 1248350 for CVE-2025-38583",
"url": "https://bugzilla.suse.com/1248350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38583"
},
{
"cve": "CVE-2025-38585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()\n\nWhen gmin_get_config_var() calls efi.get_variable() and the EFI variable\nis larger than the expected buffer size, two behaviors combine to create\na stack buffer overflow:\n\n1. gmin_get_config_var() does not return the proper error code when\n efi.get_variable() fails. It returns the stale \u0027ret\u0027 value from\n earlier operations instead of indicating the EFI failure.\n\n2. When efi.get_variable() returns EFI_BUFFER_TOO_SMALL, it updates\n *out_len to the required buffer size but writes no data to the output\n buffer. However, due to bug #1, gmin_get_var_int() believes the call\n succeeded.\n\nThe caller gmin_get_var_int() then performs:\n- Allocates val[CFG_VAR_NAME_MAX + 1] (65 bytes) on stack\n- Calls gmin_get_config_var(dev, is_gmin, var, val, \u0026len) with len=64\n- If EFI variable is \u003e64 bytes, efi.get_variable() sets len=required_size\n- Due to bug #1, thinks call succeeded with len=required_size\n- Executes val[len] = 0, writing past end of 65-byte stack buffer\n\nThis creates a stack buffer overflow when EFI variables are larger than\n64 bytes. Since EFI variables can be controlled by firmware or system\nconfiguration, this could potentially be exploited for code execution.\n\nFix the bug by returning proper error codes from gmin_get_config_var()\nbased on EFI status instead of stale \u0027ret\u0027 value.\n\nThe gmin_get_var_int() function is called during device initialization\nfor camera sensor configuration on Intel Bay Trail and Cherry Trail\nplatforms using the atomisp camera stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38585",
"url": "https://www.suse.com/security/cve/CVE-2025-38585"
},
{
"category": "external",
"summary": "SUSE Bug 1248355 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248355"
},
{
"category": "external",
"summary": "SUSE Bug 1248671 for CVE-2025-38585",
"url": "https://bugzilla.suse.com/1248671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38585"
},
{
"cve": "CVE-2025-38587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible infinite loop in fib6_info_uses_dev()\n\nfib6_info_uses_dev() seems to rely on RCU without an explicit\nprotection.\n\nLike the prior fix in rt6_nlmsg_size(),\nwe need to make sure fib6_del_route() or fib6_add_rt2node()\nhave not removed the anchor from the list, or we risk an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38587",
"url": "https://www.suse.com/security/cve/CVE-2025-38587"
},
{
"category": "external",
"summary": "SUSE Bug 1248361 for CVE-2025-38587",
"url": "https://bugzilla.suse.com/1248361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38587"
},
{
"cve": "CVE-2025-38588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, \u0026f6i-\u003efib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling-\u003efib6_nh, \u0026nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i-\u003efib6_nsiblings is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38588",
"url": "https://www.suse.com/security/cve/CVE-2025-38588"
},
{
"category": "external",
"summary": "SUSE Bug 1248368 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1248368"
},
{
"category": "external",
"summary": "SUSE Bug 1249241 for CVE-2025-38588",
"url": "https://bugzilla.suse.com/1249241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38588"
},
{
"cve": "CVE-2025-38591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject narrower access to pointer ctx fields\n\nThe following BPF program, simplified from a syzkaller repro, causes a\nkernel warning:\n\n r0 = *(u8 *)(r1 + 169);\n exit;\n\nWith pointer field sk being at offset 168 in __sk_buff. This access is\ndetected as a narrower read in bpf_skb_is_valid_access because it\ndoesn\u0027t match offsetof(struct __sk_buff, sk). It is therefore allowed\nand later proceeds to bpf_convert_ctx_access. Note that for the\n\"is_narrower_load\" case in the convert_ctx_accesses(), the insn-\u003eoff\nis aligned, so the cnt may not be 0 because it matches the\noffsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,\nthe target_size stays 0 and the verifier errors with a kernel warning:\n\n verifier bug: error during ctx access conversion(1)\n\nThis patch fixes that to return a proper \"invalid bpf_context access\noff=X size=Y\" error on the load instruction.\n\nThe same issue affects multiple other fields in context structures that\nallow narrow access. Some other non-affected fields (for sk_msg,\nsk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for\nconsistency.\n\nNote this syzkaller crash was reported in the \"Closes\" link below, which\nused to be about a different bug, fixed in\ncommit fce7bd8e385a (\"bpf/verifier: Handle BPF_LOAD_ACQ instructions\nin insn_def_regno()\"). Because syzbot somehow confused the two bugs,\nthe new crash and repro didn\u0027t get reported to the mailing list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38591",
"url": "https://www.suse.com/security/cve/CVE-2025-38591"
},
{
"category": "external",
"summary": "SUSE Bug 1248363 for CVE-2025-38591",
"url": "https://bugzilla.suse.com/1248363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38591"
},
{
"cve": "CVE-2025-38601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: clear initialized flag for deinit-ed srng lists\n\nIn a number of cases we see kernel panics on resume due\nto ath11k kernel page fault, which happens under the\nfollowing circumstances:\n\n1) First ath11k_hal_dump_srng_stats() call\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 22511ms before\n ath11k_pci 0000:01:00.0: group_id 1 14440788ms before\n [..]\n ath11k_pci 0000:01:00.0: failed to receive control response completion, polling..\n ath11k_pci 0000:01:00.0: Service connect timeout\n ath11k_pci 0000:01:00.0: failed to connect to HTT: -110\n ath11k_pci 0000:01:00.0: failed to start core: -110\n ath11k_pci 0000:01:00.0: firmware crashed: MHI_CB_EE_RDDM\n ath11k_pci 0000:01:00.0: already resetting count 2\n ath11k_pci 0000:01:00.0: failed to wait wlan mode request (mode 4): -110\n ath11k_pci 0000:01:00.0: qmi failed to send wlan mode off: -110\n ath11k_pci 0000:01:00.0: failed to reconfigure driver on crash recovery\n [..]\n\n2) At this point reconfiguration fails (we have 2 resets) and\n ath11k_core_reconfigure_on_crash() calls ath11k_hal_srng_deinit()\n which destroys srng lists. However, it does not reset per-list\n -\u003einitialized flag.\n\n3) Second ath11k_hal_dump_srng_stats() call sees stale -\u003einitialized\n flag and attempts to dump srng stats:\n\n Last interrupt received for each group:\n ath11k_pci 0000:01:00.0: group_id 0 66785ms before\n ath11k_pci 0000:01:00.0: group_id 1 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 2 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 3 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 4 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 5 14780845ms before\n ath11k_pci 0000:01:00.0: group_id 6 14485062ms before\n ath11k_pci 0000:01:00.0: group_id 7 66814ms before\n ath11k_pci 0000:01:00.0: group_id 8 68997ms before\n ath11k_pci 0000:01:00.0: group_id 9 67588ms before\n ath11k_pci 0000:01:00.0: group_id 10 69511ms before\n BUG: unable to handle page fault for address: ffffa007404eb010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 100000067 P4D 100000067 PUD 10022d067 PMD 100b01067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k]\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0xae/0xb0\n ? page_fault_oops+0x381/0x3e0\n ? exc_page_fault+0x69/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? ath11k_hal_dump_srng_stats+0x2b4/0x3b0 [ath11k (HASH:6cea 4)]\n ath11k_qmi_driver_event_work+0xbd/0x1050 [ath11k (HASH:6cea 4)]\n worker_thread+0x389/0x930\n kthread+0x149/0x170\n\nClear per-list -\u003einitialized flag in ath11k_hal_srng_deinit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38601",
"url": "https://www.suse.com/security/cve/CVE-2025-38601"
},
{
"category": "external",
"summary": "SUSE Bug 1248340 for CVE-2025-38601",
"url": "https://bugzilla.suse.com/1248340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38601"
},
{
"cve": "CVE-2025-38602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: Add missing check for alloc_ordered_workqueue\n\nAdd check for the return value of alloc_ordered_workqueue since it may\nreturn NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38602",
"url": "https://www.suse.com/security/cve/CVE-2025-38602"
},
{
"category": "external",
"summary": "SUSE Bug 1248341 for CVE-2025-38602",
"url": "https://bugzilla.suse.com/1248341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38602"
},
{
"cve": "CVE-2025-38604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Kill URBs before clearing tx status queue\n\nIn rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing\nb_tx_status.queue. This change prevents callbacks from using already freed\nskb due to anchor was not killed before freeing such skb.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Not tainted 6.15.0 #8 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:ieee80211_tx_status_irqsafe+0x21/0xc0 [mac80211]\n Call Trace:\n \u003cIRQ\u003e\n rtl8187_tx_cb+0x116/0x150 [rtl8187]\n __usb_hcd_giveback_urb+0x9d/0x120\n usb_giveback_urb_bh+0xbb/0x140\n process_one_work+0x19b/0x3c0\n bh_worker+0x1a7/0x210\n tasklet_action+0x10/0x30\n handle_softirqs+0xf0/0x340\n __irq_exit_rcu+0xcd/0xf0\n common_interrupt+0x85/0xa0\n \u003c/IRQ\u003e\n\nTested on RTL8187BvE device.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38604",
"url": "https://www.suse.com/security/cve/CVE-2025-38604"
},
{
"category": "external",
"summary": "SUSE Bug 1248333 for CVE-2025-38604",
"url": "https://bugzilla.suse.com/1248333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38604"
},
{
"cve": "CVE-2025-38608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38608",
"url": "https://www.suse.com/security/cve/CVE-2025-38608"
},
{
"category": "external",
"summary": "SUSE Bug 1248338 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "external",
"summary": "SUSE Bug 1248670 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38608"
},
{
"cve": "CVE-2025-38609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Check governor before using governor-\u003ename\n\nCommit 96ffcdf239de (\"PM / devfreq: Remove redundant governor_name from\nstruct devfreq\") removes governor_name and uses governor-\u003ename to replace\nit. But devfreq-\u003egovernor may be NULL and directly using\ndevfreq-\u003egovernor-\u003ename may cause null pointer exception. Move the check of\ngovernor to before using governor-\u003ename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38609",
"url": "https://www.suse.com/security/cve/CVE-2025-38609"
},
{
"category": "external",
"summary": "SUSE Bug 1248337 for CVE-2025-38609",
"url": "https://bugzilla.suse.com/1248337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38609"
},
{
"cve": "CVE-2025-38610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()\n\nThe get_pd_power_uw() function can crash with a NULL pointer dereference\nwhen em_cpu_get() returns NULL. This occurs when a CPU becomes impossible\nduring runtime, causing get_cpu_device() to return NULL, which propagates\nthrough em_cpu_get() and leads to a crash when em_span_cpus() dereferences\nthe NULL pointer.\n\nAdd a NULL check after em_cpu_get() and return 0 if unavailable,\nmatching the existing fallback behavior in __dtpm_cpu_setup().\n\n[ rjw: Drop an excess empty code line ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38610",
"url": "https://www.suse.com/security/cve/CVE-2025-38610"
},
{
"category": "external",
"summary": "SUSE Bug 1248395 for CVE-2025-38610",
"url": "https://bugzilla.suse.com/1248395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38610"
},
{
"cve": "CVE-2025-38612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()\n\nIn the error paths after fb_info structure is successfully allocated,\nthe memory allocated in fb_deferred_io_init() for info-\u003epagerefs is not\nfreed. Fix that by adding the cleanup function on the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38612",
"url": "https://www.suse.com/security/cve/CVE-2025-38612"
},
{
"category": "external",
"summary": "SUSE Bug 1248390 for CVE-2025-38612",
"url": "https://bugzilla.suse.com/1248390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38612"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won\u0027t be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38621",
"url": "https://www.suse.com/security/cve/CVE-2025-38621"
},
{
"category": "external",
"summary": "SUSE Bug 1248609 for CVE-2025-38621",
"url": "https://bugzilla.suse.com/1248609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38621"
},
{
"cve": "CVE-2025-38624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pnv_php: Clean up allocated IRQs on unplug\n\nWhen the root of a nested PCIe bridge configuration is unplugged, the\npnv_php driver leaked the allocated IRQ resources for the child bridges\u0027\nhotplug event notifications, resulting in a panic.\n\nFix this by walking all child buses and deallocating all its IRQ resources\nbefore calling pci_hp_remove_devices().\n\nAlso modify the lifetime of the workqueue at struct pnv_php_slot::wq so\nthat it is only destroyed in pnv_php_free_slot(), instead of\npnv_php_disable_irq(). This is required since pnv_php_disable_irq() will\nnow be called by workers triggered by hot unplug interrupts, so the\nworkqueue needs to stay allocated.\n\nThe abridged kernel panic that occurs without this patch is as follows:\n\n WARNING: CPU: 0 PID: 687 at kernel/irq/msi.c:292 msi_device_data_release+0x6c/0x9c\n CPU: 0 UID: 0 PID: 687 Comm: bash Not tainted 6.14.0-rc5+ #2\n Call Trace:\n msi_device_data_release+0x34/0x9c (unreliable)\n release_nodes+0x64/0x13c\n devres_release_all+0xc0/0x140\n device_del+0x2d4/0x46c\n pci_destroy_dev+0x5c/0x194\n pci_hp_remove_devices+0x90/0x128\n pci_hp_remove_devices+0x44/0x128\n pnv_php_disable_slot+0x54/0xd4\n power_write_file+0xf8/0x18c\n pci_slot_attr_store+0x40/0x5c\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x3bc/0x50c\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x230\n system_call_vectored_common+0x15c/0x2ec\n\n[bhelgaas: tidy comments]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38624",
"url": "https://www.suse.com/security/cve/CVE-2025-38624"
},
{
"category": "external",
"summary": "SUSE Bug 1248617 for CVE-2025-38624",
"url": "https://bugzilla.suse.com/1248617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38624"
},
{
"cve": "CVE-2025-38630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n\nfb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot\nallocate a struct fb_modelist. If that happens, the modelist stays empty but\nthe driver continues to register. Add a check for its return value to prevent\npoteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 (\"fbdev:\nFix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38630",
"url": "https://www.suse.com/security/cve/CVE-2025-38630"
},
{
"category": "external",
"summary": "SUSE Bug 1248575 for CVE-2025-38630",
"url": "https://bugzilla.suse.com/1248575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38630"
},
{
"cve": "CVE-2025-38632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinmux: fix race causing mux_owner NULL with active mux_usecount\n\ncommit 5a3e85c3c397 (\"pinmux: Use sequential access to access\ndesc-\u003epinmux data\") tried to address the issue when two client of the\nsame gpio calls pinctrl_select_state() for the same functionality, was\nresulting in NULL pointer issue while accessing desc-\u003emux_owner.\nHowever, issue was not completely fixed due to the way it was handled\nand it can still result in the same NULL pointer.\n\nThe issue occurs due to the following interleaving:\n\n cpu0 (process A) cpu1 (process B)\n\n pin_request() { pin_free() {\n\n mutex_lock()\n desc-\u003emux_usecount--; //becomes 0\n ..\n mutex_unlock()\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_usecount++; // becomes 1\n desc-\u003emux_owner = owner;\n mutex_unlock(desc-\u003emux)\n\n mutex_lock(desc-\u003emux)\n desc-\u003emux_owner = NULL;\n mutex_unlock(desc-\u003emux)\n\nThis sequence leads to a state where the pin appears to be in use\n(`mux_usecount == 1`) but has no owner (`mux_owner == NULL`), which can\ncause NULL pointer on next pin_request on the same pin.\n\nEnsure that updates to mux_usecount and mux_owner are performed\natomically under the same lock. Only clear mux_owner when mux_usecount\nreaches zero and no new owner has been assigned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38632",
"url": "https://www.suse.com/security/cve/CVE-2025-38632"
},
{
"category": "external",
"summary": "SUSE Bug 1248669 for CVE-2025-38632",
"url": "https://bugzilla.suse.com/1248669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38632"
},
{
"cve": "CVE-2025-38634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: cpcap-charger: Fix null check for power_supply_get_by_name\n\nIn the cpcap_usb_detect() function, the power_supply_get_by_name()\nfunction may return `NULL` instead of an error pointer.\nTo prevent potential null pointer dereferences, Added a null check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38634",
"url": "https://www.suse.com/security/cve/CVE-2025-38634"
},
{
"category": "external",
"summary": "SUSE Bug 1248666 for CVE-2025-38634",
"url": "https://bugzilla.suse.com/1248666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38634"
},
{
"cve": "CVE-2025-38635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: davinci: Add NULL check in davinci_lpsc_clk_register()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ndavinci_lpsc_clk_register() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensuring\nno resources are left allocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38635",
"url": "https://www.suse.com/security/cve/CVE-2025-38635"
},
{
"category": "external",
"summary": "SUSE Bug 1248573 for CVE-2025-38635",
"url": "https://bugzilla.suse.com/1248573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38635"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band\n\nWith a quite rare chance, RX report might be problematic to make SW think\na packet is received on 6 GHz band even if the chip does not support 6 GHz\nband actually. Since SW won\u0027t initialize stuffs for unsupported bands, NULL\ndereference will happen then in the sequence, rtw89_vif_rx_stats_iter() -\u003e\nrtw89_core_cancel_6ghz_probe_tx(). So, add a check to avoid it.\n\nThe following is a crash log for this case.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000032\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1907 Comm: irq/131-rtw89_p Tainted: G U 6.6.56-05896-g89f5fb0eb30b #1 (HASH:1400 4)\n Hardware name: Google Telith/Telith, BIOS Google_Telith.15217.747.0 11/12/2024\n RIP: 0010:rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core]\n Code: 4c 89 7d c8 48 89 55 c0 49 8d 44 24 02 48 89 45 b8 45 31 ff eb 11\n 41 c6 45 3a 01 41 b7 01 4d 8b 6d 00 4d 39 f5 74 42 8b 43 10 \u003c41\u003e 33 45\n 32 0f b7 4b 14 66 41 33 4d 36 0f b7 c9 09 c1 74 d8 4d 85\n RSP: 0018:ffff9f3080138ca0 EFLAGS: 00010246\n RAX: 00000000b8bf5770 RBX: ffff91b5e8c639c0 RCX: 0000000000000011\n RDX: ffff91b582de1be8 RSI: 0000000000000000 RDI: ffff91b5e8c639e6\n RBP: ffff9f3080138d00 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff91b59de70000 R11: ffffffffc069be50 R12: ffff91b5e8c639e4\n R13: 0000000000000000 R14: ffff91b5828020b8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff91b8efa40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000032 CR3: 00000002bf838000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? rtw89_vif_rx_stats_iter+0xd2/0x310 [rtw89_core (HASH:1400 5)]\n __iterate_interfaces+0x59/0x110 [mac80211 (HASH:1400 6)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ? __pfx_rtw89_vif_rx_stats_iter+0x10/0x10 [rtw89_core (HASH:1400 5)]\n ieee80211_iterate_active_interfaces_atomic+0x36/0x50 [mac80211 (HASH:1400 6)]\n rtw89_core_rx_to_mac80211+0xfd/0x1b0 [rtw89_core (HASH:1400 5)]\n rtw89_core_rx+0x43a/0x980 [rtw89_core (HASH:1400 5)]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38646",
"url": "https://www.suse.com/security/cve/CVE-2025-38646"
},
{
"category": "external",
"summary": "SUSE Bug 1248577 for CVE-2025-38646",
"url": "https://bugzilla.suse.com/1248577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38646"
},
{
"cve": "CVE-2025-38650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: remove mutex_lock check in hfsplus_free_extents\n\nSyzbot reported an issue in hfsplus filesystem:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346\n\thfsplus_free_extents+0x700/0xad0\nCall Trace:\n\u003cTASK\u003e\nhfsplus_file_truncate+0x768/0xbb0 fs/hfsplus/extents.c:606\nhfsplus_write_begin+0xc2/0xd0 fs/hfsplus/inode.c:56\ncont_expand_zero fs/buffer.c:2383 [inline]\ncont_write_begin+0x2cf/0x860 fs/buffer.c:2446\nhfsplus_write_begin+0x86/0xd0 fs/hfsplus/inode.c:52\ngeneric_cont_expand_simple+0x151/0x250 fs/buffer.c:2347\nhfsplus_setattr+0x168/0x280 fs/hfsplus/inode.c:263\nnotify_change+0xe38/0x10f0 fs/attr.c:420\ndo_truncate+0x1fb/0x2e0 fs/open.c:65\ndo_sys_ftruncate+0x2eb/0x380 fs/open.c:193\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTo avoid deadlock, Commit 31651c607151 (\"hfsplus: avoid deadlock\non file truncation\") unlock extree before hfsplus_free_extents(),\nand add check wheather extree is locked in hfsplus_free_extents().\n\nHowever, when operations such as hfsplus_file_release,\nhfsplus_setattr, hfsplus_unlink, and hfsplus_get_block are executed\nconcurrently in different files, it is very likely to trigger the\nWARN_ON, which will lead syzbot and xfstest to consider it as an\nabnormality.\n\nThe comment above this warning also describes one of the easy\ntriggering situations, which can easily trigger and cause\nxfstest\u0026syzbot to report errors.\n\n[task A]\t\t\t[task B]\n-\u003ehfsplus_file_release\n -\u003ehfsplus_file_truncate\n -\u003ehfs_find_init\n -\u003emutex_lock\n -\u003emutex_unlock\n\t\t\t\t-\u003ehfsplus_write_begin\n\t\t\t\t -\u003ehfsplus_get_block\n\t\t\t\t -\u003ehfsplus_file_extend\n\t\t\t\t -\u003ehfsplus_ext_read_extent\n\t\t\t\t -\u003ehfs_find_init\n\t\t\t\t\t -\u003emutex_lock\n -\u003ehfsplus_free_extents\n WARN_ON(mutex_is_locked) !!!\n\nSeveral threads could try to lock the shared extents tree.\nAnd warning can be triggered in one thread when another thread\nhas locked the tree. This is the wrong behavior of the code and\nwe need to remove the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38650",
"url": "https://www.suse.com/security/cve/CVE-2025-38650"
},
{
"category": "external",
"summary": "SUSE Bug 1248746 for CVE-2025-38650",
"url": "https://bugzilla.suse.com/1248746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38650"
},
{
"cve": "CVE-2025-38656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()\n\nPreserve the error code if iwl_setup_deferred_work() fails. The current\ncode returns ERR_PTR(0) (which is NULL) on this path. I believe the\nmissing error code potentially leads to a use after free involving\ndebugfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38656",
"url": "https://www.suse.com/security/cve/CVE-2025-38656"
},
{
"category": "external",
"summary": "SUSE Bug 1248643 for CVE-2025-38656",
"url": "https://bugzilla.suse.com/1248643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38656"
},
{
"cve": "CVE-2025-38663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: reject invalid file types when reading inodes\n\nTo prevent inodes with invalid file types from tripping through the vfs\nand causing malfunctions or assertion failures, add a missing sanity check\nwhen reading an inode from a block device. If the file type is not valid,\ntreat it as a filesystem error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38663",
"url": "https://www.suse.com/security/cve/CVE-2025-38663"
},
{
"category": "external",
"summary": "SUSE Bug 1248636 for CVE-2025-38663",
"url": "https://bugzilla.suse.com/1248636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38663"
},
{
"cve": "CVE-2025-38665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode\n\nAndrei Lalaev reported a NULL pointer deref when a CAN device is\nrestarted from Bus Off and the driver does not implement the struct\ncan_priv::do_set_mode callback.\n\nThere are 2 code path that call struct can_priv::do_set_mode:\n- directly by a manual restart from the user space, via\n can_changelink()\n- delayed automatic restart after bus off (deactivated by default)\n\nTo prevent the NULL pointer deference, refuse a manual restart or\nconfigure the automatic restart delay in can_changelink() and report\nthe error via extack to user space.\n\nAs an additional safety measure let can_restart() return an error if\ncan_priv::do_set_mode is not set instead of dereferencing it\nunchecked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38665",
"url": "https://www.suse.com/security/cve/CVE-2025-38665"
},
{
"category": "external",
"summary": "SUSE Bug 1248648 for CVE-2025-38665",
"url": "https://bugzilla.suse.com/1248648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38665"
},
{
"cve": "CVE-2025-38670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()\n\n`cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change\nto different stacks along with the Shadow Call Stack if it is enabled.\nThose two stack changes cannot be done atomically and both functions\ncan be interrupted by SErrors or Debug Exceptions which, though unlikely,\nis very much broken : if interrupted, we can end up with mismatched stacks\nand Shadow Call Stack leading to clobbered stacks.\n\nIn `cpu_switch_to()`, it can happen when SP_EL0 points to the new task,\nbut x18 stills points to the old task\u0027s SCS. When the interrupt handler\ntries to save the task\u0027s SCS pointer, it will save the old task\nSCS pointer (x18) into the new task struct (pointed to by SP_EL0),\nclobbering it.\n\nIn `call_on_irq_stack()`, it can happen when switching from the task stack\nto the IRQ stack and when switching back. In both cases, we can be\ninterrupted when the SCS pointer points to the IRQ SCS, but SP points to\nthe task stack. The nested interrupt handler pushes its return addresses\non the IRQ SCS. It then detects that SP points to the task stack,\ncalls `call_on_irq_stack()` and clobbers the task SCS pointer with\nthe IRQ SCS pointer, which it will also use !\n\nThis leads to tasks returning to addresses on the wrong SCS,\nor even on the IRQ SCS, triggering kernel panics via CONFIG_VMAP_STACK\nor FPAC if enabled.\n\nThis is possible on a default config, but unlikely.\nHowever, when enabling CONFIG_ARM64_PSEUDO_NMI, DAIF is unmasked and\ninstead the GIC is responsible for filtering what interrupts the CPU\nshould receive based on priority.\nGiven the goal of emulating NMIs, pseudo-NMIs can be received by the CPU\neven in `cpu_switch_to()` and `call_on_irq_stack()`, possibly *very*\nfrequently depending on the system configuration and workload, leading\nto unpredictable kernel panics.\n\nCompletely mask DAIF in `cpu_switch_to()` and restore it when returning.\nDo the same in `call_on_irq_stack()`, but restore and mask around\nthe branch.\nMask DAIF even if CONFIG_SHADOW_CALL_STACK is not enabled for consistency\nof behaviour between all configurations.\n\nIntroduce and use an assembly macro for saving and masking DAIF,\nas the existing one saves but only masks IF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38670",
"url": "https://www.suse.com/security/cve/CVE-2025-38670"
},
{
"category": "external",
"summary": "SUSE Bug 1248655 for CVE-2025-38670",
"url": "https://bugzilla.suse.com/1248655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38670"
},
{
"cve": "CVE-2025-38671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: qup: jump out of the loop in case of timeout\n\nOriginal logic only sets the return value but doesn\u0027t jump out of the\nloop if the bus is kept active by a client. This is not expected. A\nmalicious or buggy i2c client can hang the kernel in this case and\nshould be avoided. This is observed during a long time test with a\nPCA953x GPIO extender.\n\nFix it by changing the logic to not only sets the return value, but also\njumps out of the loop and return to the caller with -ETIMEDOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38671",
"url": "https://www.suse.com/security/cve/CVE-2025-38671"
},
{
"category": "external",
"summary": "SUSE Bug 1248652 for CVE-2025-38671",
"url": "https://bugzilla.suse.com/1248652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_52-rt-1-150600.1.3.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.52.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.52.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38671"
}
]
}
suse-su-2025:03283-1
Vulnerability from csaf_suse
Published
2025-09-19 17:49
Modified
2025-09-19 17:49
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#122824 bsc#1233640).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (jsc#PED-8240, bsc#1244824).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
Patchnames
SUSE-2025-3283,SUSE-SLE-Micro-5.5-2025-3283
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).\n- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).\n- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).\n- CVE-2024-42265: protect the fetch of -\u003efd[fd] in do_dup2() from mispredictions (bsc#1229334).\n- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#122824 bsc#1233640).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).\n- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).\n- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).\n- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).\n- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).\n\nThe following non-security bugs were fixed:\n\n- Disable N_GSM (jsc#PED-8240, bsc#1244824).\n- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).\n- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).\n- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3283,SUSE-SLE-Micro-5.5-2025-3283",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03283-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03283-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503283-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03283-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041785.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229334",
"url": "https://bugzilla.suse.com/1229334"
},
{
"category": "self",
"summary": "SUSE Bug 1233640",
"url": "https://bugzilla.suse.com/1233640"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1242780",
"url": "https://bugzilla.suse.com/1242780"
},
{
"category": "self",
"summary": "SUSE Bug 1244824",
"url": "https://bugzilla.suse.com/1244824"
},
{
"category": "self",
"summary": "SUSE Bug 1245110",
"url": "https://bugzilla.suse.com/1245110"
},
{
"category": "self",
"summary": "SUSE Bug 1245956",
"url": "https://bugzilla.suse.com/1245956"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1246211",
"url": "https://bugzilla.suse.com/1246211"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247518",
"url": "https://bugzilla.suse.com/1247518"
},
{
"category": "self",
"summary": "SUSE Bug 1247976",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "self",
"summary": "SUSE Bug 1248223",
"url": "https://bugzilla.suse.com/1248223"
},
{
"category": "self",
"summary": "SUSE Bug 1248297",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "self",
"summary": "SUSE Bug 1248306",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "self",
"summary": "SUSE Bug 1248312",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "self",
"summary": "SUSE Bug 1248338",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "self",
"summary": "SUSE Bug 1248511",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "self",
"summary": "SUSE Bug 1248614",
"url": "https://bugzilla.suse.com/1248614"
},
{
"category": "self",
"summary": "SUSE Bug 1248621",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "self",
"summary": "SUSE Bug 1248748",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49980 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50116 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53117 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42265 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38546 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38555 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38560 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38608 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-09-19T17:49:42Z",
"generator": {
"date": "2025-09-19T17:49:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03283-1",
"initial_release_date": "2025-09-19T17:49:42Z",
"revision_history": [
{
"date": "2025-09-19T17:49:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150500.13.106.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150500.13.106.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150500.13.106.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150500.13.106.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt-vdso-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt-vdso-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.106.1.x86_64",
"product_id": "kernel-rt_debug-vdso-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150500.13.106.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150500.13.106.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.14.21-150500.13.106.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch"
},
"product_reference": "kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150500.13.106.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150500.13.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150500.13.106.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150500.13.106.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc-\u003edriver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield. If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49980",
"url": "https://www.suse.com/security/cve/CVE-2022-49980"
},
{
"category": "external",
"summary": "SUSE Bug 1245110 for CVE-2022-49980",
"url": "https://bugzilla.suse.com/1245110"
},
{
"category": "external",
"summary": "SUSE Bug 1245111 for CVE-2022-49980",
"url": "https://bugzilla.suse.com/1245111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2022-49980"
},
{
"cve": "CVE-2022-50116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix deadlock and link starvation in outgoing data path\n\nThe current implementation queues up new control and user packets as needed\nand processes this queue down to the ldisc in the same code path.\nThat means that the upper and the lower layer are hard coupled in the code.\nDue to this deadlocks can happen as seen below while transmitting data,\nespecially during ldisc congestion. Furthermore, the data channels starve\nthe control channel on high transmission load on the ldisc.\n\nIntroduce an additional control channel data queue to prevent timeouts and\nlink hangups during ldisc congestion. This is being processed before the\nuser channel data queue in gsm_data_kick(), i.e. with the highest priority.\nPut the queue to ldisc data path into a workqueue and trigger it whenever\nnew data has been put into the transmission queue. Change\ngsm_dlci_data_sweep() accordingly to fill up the transmission queue until\nTX_THRESH_HI. This solves the locking issue, keeps latency low and provides\ngood performance on high data load.\nNote that now all packets from a DLCI are removed from the internal queue\nif the associated DLCI was closed. This ensures that no data is sent by the\nintroduced write task to an already closed DLCI.\n\nBUG: spinlock recursion on CPU#0, test_v24_loop/124\n lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0\nCPU: 0 PID: 124 Comm: test_v24_loop Tainted: G O 5.18.0-rc2 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x34/0x44\n do_raw_spin_lock+0x76/0xa0\n _raw_spin_lock_irqsave+0x72/0x80\n uart_write_room+0x3b/0xc0\n gsm_data_kick+0x14b/0x240 [n_gsm]\n gsmld_write_wakeup+0x35/0x70 [n_gsm]\n tty_wakeup+0x53/0x60\n tty_port_default_wakeup+0x1b/0x30\n serial8250_tx_chars+0x12f/0x220\n serial8250_handle_irq.part.0+0xfe/0x150\n serial8250_default_handle_irq+0x48/0x80\n serial8250_interrupt+0x56/0xa0\n __handle_irq_event_percpu+0x78/0x1f0\n handle_irq_event+0x34/0x70\n handle_fasteoi_irq+0x90/0x1e0\n __common_interrupt+0x69/0x100\n common_interrupt+0x48/0xc0\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:__do_softirq+0x83/0x34e\nCode: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d\ne2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff \u003c49\u003e c7 c2 40 61\n80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00\nRSP: 0018:ffffc90000003f98 EFLAGS: 00000286\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7\nRBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000\n ? __do_softirq+0x73/0x34e\n irq_exit_rcu+0xb5/0x100\n common_interrupt+0xa4/0xc0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50\nCode: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff\n48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 \u003ce8\u003e 3d 97 33 ff\n65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44\nRSP: 0018:ffffc9000020fd08 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000\nRDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001\nRBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8\n ? _raw_spin_unlock_irqrestore+0x23/0x50\n gsmtty_write+0x65/0x80 [n_gsm]\n n_tty_write+0x33f/0x530\n ? swake_up_all+0xe0/0xe0\n file_tty_write.constprop.0+0x1b1/0x320\n ? n_tty_flush_buffer+0xb0/0xb0\n new_sync_write+0x10c/0x190\n vfs_write+0x282/0x310\n ksys_write+0x68/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f3e5e35c15c\nCode: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50116",
"url": "https://www.suse.com/security/cve/CVE-2022-50116"
},
{
"category": "external",
"summary": "SUSE Bug 1244824 for CVE-2022-50116",
"url": "https://bugzilla.suse.com/1244824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2022-50116"
},
{
"cve": "CVE-2023-53117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53117",
"url": "https://www.suse.com/security/cve/CVE-2023-53117"
},
{
"category": "external",
"summary": "SUSE Bug 1242780 for CVE-2023-53117",
"url": "https://bugzilla.suse.com/1242780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2023-53117"
},
{
"cve": "CVE-2024-42265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of -\u003efd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than -\u003emax_fds;\nhowever, misprediction might end up with\n tofree = fdt-\u003efd[fd];\nbeing speculatively executed. That\u0027s wrong for the same reasons\nwhy it\u0027s wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt-\u003emax_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42265",
"url": "https://www.suse.com/security/cve/CVE-2024-42265"
},
{
"category": "external",
"summary": "SUSE Bug 1229334 for CVE-2024-42265",
"url": "https://bugzilla.suse.com/1229334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2024-42265"
},
{
"cve": "CVE-2024-53093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: defer partition scanning\n\nWe need to suppress the partition scan from occuring within the\ncontroller\u0027s scan_work context. If a path error occurs here, the IO will\nwait until a path becomes available or all paths are torn down, but that\naction also occurs within scan_work, so it would deadlock. Defer the\npartion scan to a different context that does not block scan_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53093",
"url": "https://www.suse.com/security/cve/CVE-2024-53093"
},
{
"category": "external",
"summary": "SUSE Bug 1233640 for CVE-2024-53093",
"url": "https://bugzilla.suse.com/1233640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2024-53093"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-58239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: stop recv() if initial process_rx_list gave us non-DATA\n\nIf we have a non-DATA record on the rx_list and another record of the\nsame type still on the queue, we will end up merging them:\n - process_rx_list copies the non-DATA record\n - we start the loop and process the first available record since it\u0027s\n of the same type\n - we break out of the loop since the record was not DATA\n\nJust check the record type and jump to the end in case process_rx_list\ndid some work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58239",
"url": "https://www.suse.com/security/cve/CVE-2024-58239"
},
{
"category": "external",
"summary": "SUSE Bug 1248614 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248614"
},
{
"category": "external",
"summary": "SUSE Bug 1248615 for CVE-2024-58239",
"url": "https://bugzilla.suse.com/1248615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2024-58239"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\n\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\n\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer \u003ceth:syz_tun\u003e, priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\n\nthe ub was in fact a struct dev.\n\nwhen bid != 0 \u0026\u0026 skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\n\nfix this by checking media_id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38184",
"url": "https://www.suse.com/security/cve/CVE-2025-38184"
},
{
"category": "external",
"summary": "SUSE Bug 1245956 for CVE-2025-38184",
"url": "https://bugzilla.suse.com/1245956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-38184"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in memory leak.\n\nLet\u0027s serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38546",
"url": "https://www.suse.com/security/cve/CVE-2025-38546"
},
{
"category": "external",
"summary": "SUSE Bug 1248223 for CVE-2025-38546",
"url": "https://bugzilla.suse.com/1248223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-38546"
},
{
"cve": "CVE-2025-38555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38555",
"url": "https://www.suse.com/security/cve/CVE-2025-38555"
},
{
"category": "external",
"summary": "SUSE Bug 1248297 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248297"
},
{
"category": "external",
"summary": "SUSE Bug 1248298 for CVE-2025-38555",
"url": "https://bugzilla.suse.com/1248298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38555"
},
{
"cve": "CVE-2025-38560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Evict cache lines during SNP memory validation\n\nAn SNP cache coherency vulnerability requires a cache line eviction\nmitigation when validating memory after a page state change to private.\nThe specific mitigation is to touch the first and last byte of each 4K\npage that is being validated. There is no need to perform the mitigation\nwhen performing a page state change to shared and rescinding validation.\n\nCPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit\nthat, when set, indicates that the software mitigation for this\nvulnerability is not needed.\n\nImplement the mitigation and invoke it when validating memory (making it\nprivate) and the COHERENCY_SFW_NO bit is not set, indicating the SNP\nguest is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38560",
"url": "https://www.suse.com/security/cve/CVE-2025-38560"
},
{
"category": "external",
"summary": "SUSE Bug 1248312 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248312"
},
{
"category": "external",
"summary": "SUSE Bug 1248313 for CVE-2025-38560",
"url": "https://bugzilla.suse.com/1248313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38560"
},
{
"cve": "CVE-2025-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Prevent VMA split of buffer mappings\n\nThe perf mmap code is careful about mmap()\u0027ing the user page with the\nringbuffer and additionally the auxiliary buffer, when the event supports\nit. Once the first mapping is established, subsequent mapping have to use\nthe same offset and the same size in both cases. The reference counting for\nthe ringbuffer and the auxiliary buffer depends on this being correct.\n\nThough perf does not prevent that a related mapping is split via mmap(2),\nmunmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,\nwhich take reference counts, but then the subsequent perf_mmap_close()\ncalls are not longer fulfilling the offset and size checks. This leads to\nreference count leaks.\n\nAs perf already has the requirement for subsequent mappings to match the\ninitial mapping, the obvious consequence is that VMA splits, caused by\nresizing of a mapping or partial unmapping, have to be prevented.\n\nImplement the vm_operations_struct::may_split() callback and return\nunconditionally -EINVAL.\n\nThat ensures that the mapping offsets and sizes cannot be changed after the\nfact. Remapping to a different fixed address with the same size is still\npossible as it takes the references for the new mapping and drops those of\nthe old mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38563",
"url": "https://www.suse.com/security/cve/CVE-2025-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1248306 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248306"
},
{
"category": "external",
"summary": "SUSE Bug 1248307 for CVE-2025-38563",
"url": "https://bugzilla.suse.com/1248307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38563"
},
{
"cve": "CVE-2025-38608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38608",
"url": "https://www.suse.com/security/cve/CVE-2025-38608"
},
{
"category": "external",
"summary": "SUSE Bug 1248338 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248338"
},
{
"category": "external",
"summary": "SUSE Bug 1248670 for CVE-2025-38608",
"url": "https://bugzilla.suse.com/1248670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38608"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.106.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.106.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.106.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T17:49:42Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
}
]
}
ghsa-cc85-5h45-qhc8
Vulnerability from github
Published
2025-08-11 18:31
Modified
2025-08-28 15:30
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to.
clone_private_mnt() checks the former, but not the latter.
There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
{
"affected": [],
"aliases": [
"CVE-2025-38499"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-11T16:15:30Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"id": "GHSA-cc85-5h45-qhc8",
"modified": "2025-08-28T15:30:38Z",
"published": "2025-08-11T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38499"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36fecd740de2d542d2091d65d36554ee2bcf9c65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…