csaf_suse - suse-su-2025:4059-1

suse-su-2025:4059-1

Vulnerability from csaf_suse

Published

2025-11-11 18:36

Modified

2025-11-11 18:36

Summary

Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)

Description of the patch

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.103 fixes various security issues The following security issues were fixed: - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631). The following non security issue was fixed: - bsc#1249208: fix livepatching target module name (bsc#1252946)

Patchnames

SUSE-2025-4059,SUSE-2025-4060,SUSE-2025-4061,SUSE-SLE-Module-Live-Patching-15-SP4-2025-4059,SUSE-SLE-Module-Live-Patching-15-SP5-2025-4060

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.103 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).\n\nThe following non security issue was fixed:\n\n- bsc#1249208: fix livepatching target module name (bsc#1252946)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-4059,SUSE-2025-4060,SUSE-2025-4061,SUSE-SLE-Module-Live-Patching-15-SP4-2025-4059,SUSE-SLE-Module-Live-Patching-15-SP5-2025-4060",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4059-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:4059-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254059-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:4059-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023252.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1246019",
        "url": "https://bugzilla.suse.com/1246019"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248631",
        "url": "https://bugzilla.suse.com/1248631"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249207",
        "url": "https://bugzilla.suse.com/1249207"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249208",
        "url": "https://bugzilla.suse.com/1249208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249847",
        "url": "https://bugzilla.suse.com/1249847"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252946",
        "url": "https://bugzilla.suse.com/1252946"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-50252 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-50252/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53164 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53164/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38617 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38617/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38618 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38618/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38664 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38664/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)",
    "tracking": {
      "current_release_date": "2025-11-11T18:36:30Z",
      "generator": {
        "date": "2025-11-11T18:36:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:4059-1",
      "initial_release_date": "2025-11-11T18:36:30Z",
      "revision_history": [
        {
          "date": "2025-11-11T18:36:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50252",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-50252"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not free q_vector unless new one was allocated\n\nAvoid potential use-after-free condition under memory pressure. If the\nkzalloc() fails, q_vector will be freed but left in the original\nadapter-\u003eq_vector[v_idx] array position.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-50252",
          "url": "https://www.suse.com/security/cve/CVE-2022-50252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249846 for CVE-2022-50252",
          "url": "https://bugzilla.suse.com/1249846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-11T18:36:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-50252"
    },
    {
      "cve": "CVE-2024-53164",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53164"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53164",
          "url": "https://www.suse.com/security/cve/CVE-2024-53164"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234863 for CVE-2024-53164",
          "url": "https://bugzilla.suse.com/1234863"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246019 for CVE-2024-53164",
          "url": "https://bugzilla.suse.com/1246019"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-11T18:36:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53164"
    },
    {
      "cve": "CVE-2025-38617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38617",
          "url": "https://www.suse.com/security/cve/CVE-2025-38617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248621 for CVE-2025-38617",
          "url": "https://bugzilla.suse.com/1248621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249208 for CVE-2025-38617",
          "url": "https://bugzilla.suse.com/1249208"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-11T18:36:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38617"
    },
    {
      "cve": "CVE-2025-38618",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38618"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38618",
          "url": "https://www.suse.com/security/cve/CVE-2025-38618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248511 for CVE-2025-38618",
          "url": "https://bugzilla.suse.com/1248511"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249207 for CVE-2025-38618",
          "url": "https://bugzilla.suse.com/1249207"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-11T18:36:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38618"
    },
    {
      "cve": "CVE-2025-38664",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38664"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38664",
          "url": "https://www.suse.com/security/cve/CVE-2025-38664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248628 for CVE-2025-38664",
          "url": "https://bugzilla.suse.com/1248628"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248631 for CVE-2025-38664",
          "url": "https://bugzilla.suse.com/1248631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-11T18:36:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38664"
    }
  ]
}

CVE-2024-53164 (GCVE-0-2024-53164)

Vulnerability from cvelistv5

Published

2024-12-27 13:38

Modified

2025-11-03 20:46

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.

References

URL

Tags

	https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648
	https://git.kernel.org/stable/c/5e473f462a16f1a34e49ea4289a667d2e4f35b52
	https://git.kernel.org/stable/c/33db36b3c53d0fda2699ea39ba72bee4de8336e8
	https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025
	https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3
	https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f
	https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948

Impacted products

Vendor

Product

Version

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:55.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_cake.c",
            "net/sched/sch_choke.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "44782565e1e6174c94bddfa72ac7267cd09c1648",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5e473f462a16f1a34e49ea4289a667d2e4f35b52",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "33db36b3c53d0fda2699ea39ba72bee4de8336e8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "489422e2befff88a1de52b2acebe7b333bded025",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "97e13434b5da8e91bdf965352fad2141d13d72d3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e3e54ad9eff8bdaa70f897e5342e34b76109497f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5eb7de8cd58e73851cd37ff8d0666517d9926948",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_cake.c",
            "net/sched/sch_choke.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.289",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.233",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.176",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.122",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.68",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:38.982Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e473f462a16f1a34e49ea4289a667d2e4f35b52"
        },
        {
          "url": "https://git.kernel.org/stable/c/33db36b3c53d0fda2699ea39ba72bee4de8336e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025"
        },
        {
          "url": "https://git.kernel.org/stable/c/97e13434b5da8e91bdf965352fad2141d13d72d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3e54ad9eff8bdaa70f897e5342e34b76109497f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5eb7de8cd58e73851cd37ff8d0666517d9926948"
        }
      ],
      "title": "net: sched: fix ordering of qlen adjustment",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53164",
    "datePublished": "2024-12-27T13:38:43.407Z",
    "dateReserved": "2024-11-19T17:17:25.004Z",
    "dateUpdated": "2025-11-03T20:46:55.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-50252 (GCVE-0-2022-50252)

Vulnerability from cvelistv5

Published

2025-09-15 14:02

Modified

2025-09-15 14:02

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v_idx] array position.

References

URL

Tags

	https://git.kernel.org/stable/c/64ca1969599857143e91aeec4440640656100803
	https://git.kernel.org/stable/c/0200f0fbb11e359cc35af72ab10b2ec224e6f633
	https://git.kernel.org/stable/c/68e8adbcaf7a8743e473343b38b9dad66e2ac6f3
	https://git.kernel.org/stable/c/f96bd8adc8adde25390965a8c1ee81b73cb62075
	https://git.kernel.org/stable/c/3cb18dea11196fb4a06f78294cec5e61985e1aff
	https://git.kernel.org/stable/c/314f7092b27749bdde44c14095b5533afa2a3bc8
	https://git.kernel.org/stable/c/6e399577bd397a517df4b938601108c63769ce0a
	https://git.kernel.org/stable/c/56483aecf6b22eb7dff6315b3a174688c6ad494c
	https://git.kernel.org/stable/c/0668716506ca66f90d395f36ccdaebc3e0e84801

Impacted products

Vendor

Product

Version

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "64ca1969599857143e91aeec4440640656100803",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0200f0fbb11e359cc35af72ab10b2ec224e6f633",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "68e8adbcaf7a8743e473343b38b9dad66e2ac6f3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f96bd8adc8adde25390965a8c1ee81b73cb62075",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3cb18dea11196fb4a06f78294cec5e61985e1aff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "314f7092b27749bdde44c14095b5533afa2a3bc8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6e399577bd397a517df4b938601108c63769ce0a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "56483aecf6b22eb7dff6315b3a174688c6ad494c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0668716506ca66f90d395f36ccdaebc3e0e84801",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not free q_vector unless new one was allocated\n\nAvoid potential use-after-free condition under memory pressure. If the\nkzalloc() fails, q_vector will be freed but left in the original\nadapter-\u003eq_vector[v_idx] array position."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:02:30.980Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/64ca1969599857143e91aeec4440640656100803"
        },
        {
          "url": "https://git.kernel.org/stable/c/0200f0fbb11e359cc35af72ab10b2ec224e6f633"
        },
        {
          "url": "https://git.kernel.org/stable/c/68e8adbcaf7a8743e473343b38b9dad66e2ac6f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f96bd8adc8adde25390965a8c1ee81b73cb62075"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cb18dea11196fb4a06f78294cec5e61985e1aff"
        },
        {
          "url": "https://git.kernel.org/stable/c/314f7092b27749bdde44c14095b5533afa2a3bc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e399577bd397a517df4b938601108c63769ce0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/56483aecf6b22eb7dff6315b3a174688c6ad494c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0668716506ca66f90d395f36ccdaebc3e0e84801"
        }
      ],
      "title": "igb: Do not free q_vector unless new one was allocated",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50252",
    "datePublished": "2025-09-15T14:02:30.980Z",
    "dateReserved": "2025-09-15T13:58:00.973Z",
    "dateUpdated": "2025-09-15T14:02:30.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-38618 (GCVE-0-2025-38618)

Vulnerability from cvelistv5

Published

2025-08-22 13:01

Modified

2025-11-03 17:40

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.

References

URL

Tags

	https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de
	https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386
	https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79
	https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3
	https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7
	https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865
	https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1
	https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87
	https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4

Impacted products

Vendor

Product

Version

Linux

Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238

Linux

Version: 3.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:30.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c04a2c1ca25b9b23104124d3b2d349d934e302de",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "d1a5b1964cef42727668ac0d8532dae4f8c19386",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "cf86704798c1b9c46fa59dfc2d662f57d1394d79",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "f138be5d7f301fddad4e65ec66dfc3ceebf79be3",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "44bd006d5c93f6a8f28b106cbae2428c5d0275b7",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "32950b1907919be86a7a2697d6f93d57068b3865",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "8f01093646b49f6330bb2d36761983fd829472b1",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "d73960f0cf03ef1dc9e96ec7a20e538accc26d87",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "aba0c94f61ec05315fa7815d21aefa4c87f6a9f4",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:53.408Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79"
        },
        {
          "url": "https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3"
        },
        {
          "url": "https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87"
        },
        {
          "url": "https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4"
        }
      ],
      "title": "vsock: Do not allow binding to VMADDR_PORT_ANY",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38618",
    "datePublished": "2025-08-22T13:01:24.678Z",
    "dateReserved": "2025-04-16T04:51:24.029Z",
    "dateUpdated": "2025-11-03T17:40:30.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-38664 (GCVE-0-2025-38664)

Vulnerability from cvelistv5

Published

2025-08-22 16:02

Modified

2025-11-03 17:40

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

References

URL

Tags

	https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782
	https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede
	https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15
	https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b
	https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535
	https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7
	https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca
	https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36

Impacted products

Vendor

Product

Version

Linux

Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445

Linux

Version: 5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:50.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ddp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35370d3b44efe194fd5ad55bac987e629597d782",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "435462f8ab2b9c5340a5414ce02f70117d0cfede",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "7c5a13c76dd37e9e4f8d48b87376a54f4399ce15",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "3028f2a4e746b499043bbb8ab816f975473a0535",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "6d640a8ea62435a7f6f89869bee4fa99423d07ca",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "4ff12d82dac119b4b99b5a78b5af3bf2474c0a36",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ddp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.101",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.41",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.9",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:44:32.084Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782"
        },
        {
          "url": "https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36"
        }
      ],
      "title": "ice: Fix a null pointer dereference in ice_copy_and_init_pkg()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38664",
    "datePublished": "2025-08-22T16:02:56.707Z",
    "dateReserved": "2025-04-16T04:51:24.031Z",
    "dateUpdated": "2025-11-03T17:40:50.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-38617 (GCVE-0-2025-38617)

Vulnerability from cvelistv5

Published

2025-08-22 13:01

Modified

2025-11-03 17:40

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

References

URL

Tags

	https://git.kernel.org/stable/c/18f13f2a83eb81be349a9757ba2141ff1da9ad73
	https://git.kernel.org/stable/c/7da733f117533e9b2ebbd530a22ae4028713955c
	https://git.kernel.org/stable/c/ba2257034755ae773722f15f4c3ad1dcdad15ca9
	https://git.kernel.org/stable/c/7de07705007c7e34995a5599aaab1d23e762d7ca
	https://git.kernel.org/stable/c/88caf46db8239e6471413d28aabaa6b8bd552805
	https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df
	https://git.kernel.org/stable/c/e50ccfaca9e3c671cae917dcb994831a859cf588
	https://git.kernel.org/stable/c/f1791fd7b845bea0ce9674fcf2febee7bc87a893
	https://git.kernel.org/stable/c/01d3c8417b9c1b884a8a981a3b886da556512f36

Impacted products

Vendor

Product

Version

Linux

Version: 2.6.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:28.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/packet/af_packet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "18f13f2a83eb81be349a9757ba2141ff1da9ad73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7da733f117533e9b2ebbd530a22ae4028713955c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ba2257034755ae773722f15f4c3ad1dcdad15ca9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7de07705007c7e34995a5599aaab1d23e762d7ca",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "88caf46db8239e6471413d28aabaa6b8bd552805",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f2e8fcfd2b1bc754920108b7f2cd75082c5a18df",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e50ccfaca9e3c671cae917dcb994831a859cf588",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f1791fd7b845bea0ce9674fcf2febee7bc87a893",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "01d3c8417b9c1b884a8a981a3b886da556512f36",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/packet/af_packet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:52.280Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/18f13f2a83eb81be349a9757ba2141ff1da9ad73"
        },
        {
          "url": "https://git.kernel.org/stable/c/7da733f117533e9b2ebbd530a22ae4028713955c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba2257034755ae773722f15f4c3ad1dcdad15ca9"
        },
        {
          "url": "https://git.kernel.org/stable/c/7de07705007c7e34995a5599aaab1d23e762d7ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/88caf46db8239e6471413d28aabaa6b8bd552805"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df"
        },
        {
          "url": "https://git.kernel.org/stable/c/e50ccfaca9e3c671cae917dcb994831a859cf588"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1791fd7b845bea0ce9674fcf2febee7bc87a893"
        },
        {
          "url": "https://git.kernel.org/stable/c/01d3c8417b9c1b884a8a981a3b886da556512f36"
        }
      ],
      "title": "net/packet: fix a race in packet_set_ring() and packet_notifier()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38617",
    "datePublished": "2025-08-22T13:01:23.963Z",
    "dateReserved": "2025-04-16T04:51:24.029Z",
    "dateUpdated": "2025-11-03T17:40:28.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:4059-1

Vulnerability from csaf_suse

CVE-2024-53164 (GCVE-0-2024-53164)

Vulnerability from cvelistv5

CVE-2022-50252 (GCVE-0-2022-50252)

Vulnerability from cvelistv5

CVE-2025-38618 (GCVE-0-2025-38618)

Vulnerability from cvelistv5

CVE-2025-38664 (GCVE-0-2025-38664)

Vulnerability from cvelistv5

CVE-2025-38617 (GCVE-0-2025-38617)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature