Vulnerability-Lookup

SUSE-SU-2026:0352-1

Vulnerability from csaf_suse - Published: 2026-01-30 14:05 - Updated: 2026-01-30 14:05

Summary

Security update for the Linux Kernel

Notes

Title of the patch

Security update for the Linux Kernel

Description of the patch

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1253291 bsc#1253292). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).

Patchnames

SUSE-2026-352,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-352

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1253291 bsc#1253292).\n- CVE-2025-40215: kABI: xfrm: delete x-\u003etunnel as we delete x (bsc#1254959).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-352,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-352",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0352-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0352-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260352-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0352-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023998.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1207051",
        "url": "https://bugzilla.suse.com/1207051"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253291",
        "url": "https://bugzilla.suse.com/1253291"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253292",
        "url": "https://bugzilla.suse.com/1253292"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1254959",
        "url": "https://bugzilla.suse.com/1254959"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256053",
        "url": "https://bugzilla.suse.com/1256053"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256353",
        "url": "https://bugzilla.suse.com/1256353"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-23559 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-23559/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-54110 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-54110/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-54168 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-54168/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40018 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40215 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40215/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2026-01-30T14:05:23Z",
      "generator": {
        "date": "2026-01-30T14:05:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0352-1",
      "initial_release_date": "2026-01-30T14:05:23Z",
      "revision_history": [
        {
          "date": "2026-01-30T14:05:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-docs-3.0.101-108.198.1.noarch",
                "product": {
                  "name": "kernel-docs-3.0.101-108.198.1.noarch",
                  "product_id": "kernel-docs-3.0.101-108.198.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-default-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-default-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-default-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-base-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-default-base-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-default-base-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-default-devel-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-default-devel-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-default-devel-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-ec2-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-ec2-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-base-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-ec2-base-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-ec2-base-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-ec2-devel-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-ec2-devel-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-ec2-devel-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-source-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-source-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-syms-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-syms-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-trace-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-trace-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-base-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-trace-base-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-trace-base-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-trace-devel-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-trace-devel-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-trace-devel-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-xen-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-xen-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-base-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-xen-base-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-xen-base-3.0.101-108.198.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-xen-devel-3.0.101-108.198.1.x86_64",
                "product": {
                  "name": "kernel-xen-devel-3.0.101-108.198.1.x86_64",
                  "product_id": "kernel-xen-devel-3.0.101-108.198.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-default-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-base-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-default-base-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-default-devel-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-default-devel-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-docs-3.0.101-108.198.1.noarch as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch"
        },
        "product_reference": "kernel-docs-3.0.101-108.198.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-ec2-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-base-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-ec2-base-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-ec2-devel-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-ec2-devel-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-source-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-syms-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-trace-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-base-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-trace-base-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-trace-devel-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-trace-devel-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-xen-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-base-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-xen-base-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-xen-devel-3.0.101-108.198.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        },
        "product_reference": "kernel-xen-devel-3.0.101-108.198.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23559",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-23559"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-23559",
          "url": "https://www.suse.com/security/cve/CVE-2023-23559"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207051 for CVE-2023-23559",
          "url": "https://bugzilla.suse.com/1207051"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-30T14:05:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-23559"
    },
    {
      "cve": "CVE-2023-54110",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-54110"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to a unexpectetly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-54110",
          "url": "https://www.suse.com/security/cve/CVE-2023-54110"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256353 for CVE-2023-54110",
          "url": "https://bugzilla.suse.com/1256353"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-30T14:05:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-54110"
    },
    {
      "cve": "CVE-2023-54168",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-54168"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Prevent shift wrapping in set_user_sq_size()\n\nThe ucmd-\u003elog_sq_bb_count variable is controlled by the user so this\nshift can wrap.  Fix it by using check_shl_overflow() in the same way\nthat it was done in commit 515f60004ed9 (\"RDMA/hns: Prevent undefined\nbehavior in hns_roce_set_user_sq_size()\").",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-54168",
          "url": "https://www.suse.com/security/cve/CVE-2023-54168"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256053 for CVE-2023-54168",
          "url": "https://bugzilla.suse.com/1256053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256054 for CVE-2023-54168",
          "url": "https://bugzilla.suse.com/1256054"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-30T14:05:23Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-54168"
    },
    {
      "cve": "CVE-2025-40018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40018",
          "url": "https://www.suse.com/security/cve/CVE-2025-40018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247374 for CVE-2025-40018",
          "url": "https://bugzilla.suse.com/1247374"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252688 for CVE-2025-40018",
          "url": "https://bugzilla.suse.com/1252688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252689 for CVE-2025-40018",
          "url": "https://bugzilla.suse.com/1252689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253291 for CVE-2025-40018",
          "url": "https://bugzilla.suse.com/1253291"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-30T14:05:23Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40018"
    },
    {
      "cve": "CVE-2025-40215",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40215"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can\u0027t guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe\u0027re going to lock x-\u003etunnel while x is locked.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40215",
          "url": "https://www.suse.com/security/cve/CVE-2025-40215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254959 for CVE-2025-40215",
          "url": "https://bugzilla.suse.com/1254959"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1255054 for CVE-2025-40215",
          "url": "https://bugzilla.suse.com/1255054"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.198.1.noarch",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.198.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.198.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-30T14:05:23Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40215"
    }
  ]
}

CVE-2023-54168 (GCVE-0-2023-54168)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:08 – Updated: 2025-12-30 12:08

Title

RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()").

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d5ae269c4bd392ec…
	https://git.kernel.org/stable/c/8feca625900777e02…
	https://git.kernel.org/stable/c/9ad3221c86cc9c630…
	https://git.kernel.org/stable/c/9911be2155720221a…
	https://git.kernel.org/stable/c/3ce0df3493277b9df…
	https://git.kernel.org/stable/c/196a6df08b08699ac…
	https://git.kernel.org/stable/c/a183905869e692b6b…
	https://git.kernel.org/stable/c/d50b3c73f1ac20dab…

Impacted products

Vendor

Product

Version

Linux

Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 3d5ae269c4bd392ec1edbfb3bd031b8f42d7feff (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 8feca625900777e02a449e53fe4121339934c38a (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 9ad3221c86cc9c6305594b742d4a72dfbd4ea579 (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 9911be2155720221a4f1f722b22bd0e2388d8bcf (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 3ce0df3493277b9df275cb8455d9c677ae701230 (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < 196a6df08b08699ace4ce70e1efcdd9081b6565f (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < a183905869e692b6b7805b7472235585eff8e429 (git)
Affected: 839041329fd3410e07d614f81e75bb43367d8f89 , < d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb (git)

Linux

Affected: 2.6.24
Unaffected: 0 , < 2.6.24 (semver)
Unaffected: 4.19.283 , ≤ 4.19.* (semver)
Unaffected: 5.4.243 , ≤ 5.4.* (semver)
Unaffected: 5.10.180 , ≤ 5.10.* (semver)
Unaffected: 5.15.111 , ≤ 5.15.* (semver)
Unaffected: 6.1.28 , ≤ 6.1.* (semver)
Unaffected: 6.2.15 , ≤ 6.2.* (semver)
Unaffected: 6.3.2 , ≤ 6.3.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx4/qp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d5ae269c4bd392ec1edbfb3bd031b8f42d7feff",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "8feca625900777e02a449e53fe4121339934c38a",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "9ad3221c86cc9c6305594b742d4a72dfbd4ea579",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "9911be2155720221a4f1f722b22bd0e2388d8bcf",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "3ce0df3493277b9df275cb8455d9c677ae701230",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "196a6df08b08699ace4ce70e1efcdd9081b6565f",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "a183905869e692b6b7805b7472235585eff8e429",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            },
            {
              "lessThan": "d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb",
              "status": "affected",
              "version": "839041329fd3410e07d614f81e75bb43367d8f89",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx4/qp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.243",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.283",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.243",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.111",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Prevent shift wrapping in set_user_sq_size()\n\nThe ucmd-\u003elog_sq_bb_count variable is controlled by the user so this\nshift can wrap.  Fix it by using check_shl_overflow() in the same way\nthat it was done in commit 515f60004ed9 (\"RDMA/hns: Prevent undefined\nbehavior in hns_roce_set_user_sq_size()\")."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:08:43.394Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d5ae269c4bd392ec1edbfb3bd031b8f42d7feff"
        },
        {
          "url": "https://git.kernel.org/stable/c/8feca625900777e02a449e53fe4121339934c38a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ad3221c86cc9c6305594b742d4a72dfbd4ea579"
        },
        {
          "url": "https://git.kernel.org/stable/c/9911be2155720221a4f1f722b22bd0e2388d8bcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ce0df3493277b9df275cb8455d9c677ae701230"
        },
        {
          "url": "https://git.kernel.org/stable/c/196a6df08b08699ace4ce70e1efcdd9081b6565f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a183905869e692b6b7805b7472235585eff8e429"
        },
        {
          "url": "https://git.kernel.org/stable/c/d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb"
        }
      ],
      "title": "RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54168",
    "datePublished": "2025-12-30T12:08:43.394Z",
    "dateReserved": "2025-12-30T12:06:44.495Z",
    "dateUpdated": "2025-12-30T12:08:43.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40018 (GCVE-0-2025-40018)

Vulnerability from cvelistv5 – Published: 2025-10-24 11:44 – Updated: 2025-12-01 06:16

Title

ipvs: Defer ip_vs_ftp unregister during netns cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8a6ecab3847c213ce…
	https://git.kernel.org/stable/c/421b1ae1574dfdda6…
	https://git.kernel.org/stable/c/1d79471414d7b9424…
	https://git.kernel.org/stable/c/53717f8a4347b78ea…
	https://git.kernel.org/stable/c/8cbe2a21d85727b66…
	https://git.kernel.org/stable/c/dc1a481359a72ee7e…
	https://git.kernel.org/stable/c/a343811ef138a2654…
	https://git.kernel.org/stable/c/134121bfd99a06d44…

Impacted products

Vendor

Product

Version

Linux

Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 8a6ecab3847c213ce2855b0378e63ce839085de3 (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 421b1ae1574dfdda68b835c15ac4921ec0030182 (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 1d79471414d7b9424d699afff2aa79fff322f52d (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 53717f8a4347b78eac6488072ad8e5adbaff38d9 (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 8cbe2a21d85727b66d7c591fd5d83df0d8c4f757 (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < dc1a481359a72ee7e548f1f5da671282a7c13b8f (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < a343811ef138a265407167294275201621e9ebb2 (git)
Affected: 61b1ab4583e275af216c8454b9256de680499b19 , < 134121bfd99a06d44ef5ba15a9beb075297c0821 (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.195 , ≤ 5.15.* (semver)
Unaffected: 6.1.156 , ≤ 6.1.* (semver)
Unaffected: 6.6.112 , ≤ 6.6.* (semver)
Unaffected: 6.12.53 , ≤ 6.12.* (semver)
Unaffected: 6.17.3 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipvs/ip_vs_ftp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8a6ecab3847c213ce2855b0378e63ce839085de3",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "421b1ae1574dfdda68b835c15ac4921ec0030182",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "1d79471414d7b9424d699afff2aa79fff322f52d",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "53717f8a4347b78eac6488072ad8e5adbaff38d9",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "8cbe2a21d85727b66d7c591fd5d83df0d8c4f757",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "dc1a481359a72ee7e548f1f5da671282a7c13b8f",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "a343811ef138a265407167294275201621e9ebb2",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            },
            {
              "lessThan": "134121bfd99a06d44ef5ba15a9beb075297c0821",
              "status": "affected",
              "version": "61b1ab4583e275af216c8454b9256de680499b19",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipvs/ip_vs_ftp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.156",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.112",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.53",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:16:24.186Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8a6ecab3847c213ce2855b0378e63ce839085de3"
        },
        {
          "url": "https://git.kernel.org/stable/c/421b1ae1574dfdda68b835c15ac4921ec0030182"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d"
        },
        {
          "url": "https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821"
        }
      ],
      "title": "ipvs: Defer ip_vs_ftp unregister during netns cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40018",
    "datePublished": "2025-10-24T11:44:28.955Z",
    "dateReserved": "2025-04-16T07:20:57.152Z",
    "dateUpdated": "2025-12-01T06:16:24.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-23559 (GCVE-0-2023-23559)

Vulnerability from cvelistv5 – Published: 2023-01-13 00:00 – Updated: 2025-05-05 16:05

Summary

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://patchwork.kernel.org/project/linux-wirele…
	https://security.netapp.com/advisory/ntap-2023030…
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://git.kernel.org/cgit/linux/kernel/git/torv…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230302-0003/"
          },
          {
            "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23559",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:21.290984Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:05:27.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:41:20.856Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230302-0003/"
        },
        {
          "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-23559",
    "datePublished": "2023-01-13T00:00:00.000Z",
    "dateReserved": "2023-01-13T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:05:27.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40215 (GCVE-0-2025-40215)

Vulnerability from cvelistv5 – Published: 2025-12-04 12:38 – Updated: 2026-01-19 12:18

Title

xfrm: delete x->tunnel as we delete x

Summary

In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a reference to that user state still exists, the fallback state will remain on the hashtables/lists, triggering the WARN in xfrm_state_fini. Because of those remaining references, the fix in commit f75a2804da39 ("xfrm: destroy xfrm_state synchronously on net exit path") is not complete. We recently fixed one such situation in TCP due to defered freeing of skbs (commit 9b6412e6979f ("tcp: drop secpath at the same time as we currently drop dst")). This can also happen due to IP reassembly: skbs with a secpath remain on the reassembly queue until netns destruction. If we can't guarantee that the queues are flushed by the time xfrm_state_fini runs, there may still be references to a (user) xfrm_state, preventing the timely deletion of the corresponding fallback state. Instead of chasing each instance of skbs holding a secpath one by one, this patch fixes the issue directly within xfrm, by deleting the fallback state as soon as the last user state depending on it has been deleted. Destruction will still happen when the final reference is dropped. A separate lockdep class for the fallback state is required since we're going to lock x->tunnel while x is locked.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1b28a7fae0128fa14…
	https://git.kernel.org/stable/c/4b2c17d0f9be8b58b…
	https://git.kernel.org/stable/c/0da961fa46da1b37e…
	https://git.kernel.org/stable/c/d0e0d109711846146…
	https://git.kernel.org/stable/c/dc3636912d4177046…
	https://git.kernel.org/stable/c/b441cf3f8c4b85766…

Impacted products

Vendor

Product

Version

Linux

Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < 1b28a7fae0128fa140a7dccd995182ff6cd1c67b (git)
Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < 4b2c17d0f9be8b58bb30468bc81a4b61c985b04e (git)
Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < 0da961fa46da1b37ef868d9b603bd202136f8f8e (git)
Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < d0e0d1097118461463b76562c7ebaabaa5b90b13 (git)
Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < dc3636912d41770466543623cb76e7b88fdb42c7 (git)
Affected: 9d4139c76905833afcb77fe8ccc17f302a0eb9ab , < b441cf3f8c4b8576639d20c8eb4aa32917602ecd (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.10.248 , ≤ 5.10.* (semver)
Unaffected: 5.15.198 , ≤ 5.15.* (semver)
Unaffected: 6.1.160 , ≤ 6.1.* (semver)
Unaffected: 6.6.120 , ≤ 6.6.* (semver)
Unaffected: 6.12.62 , ≤ 6.12.* (semver)
Unaffected: 6.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/xfrm.h",
            "net/ipv4/ipcomp.c",
            "net/ipv6/ipcomp6.c",
            "net/ipv6/xfrm6_tunnel.c",
            "net/xfrm/xfrm_ipcomp.c",
            "net/xfrm/xfrm_state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1b28a7fae0128fa140a7dccd995182ff6cd1c67b",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            },
            {
              "lessThan": "4b2c17d0f9be8b58bb30468bc81a4b61c985b04e",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            },
            {
              "lessThan": "0da961fa46da1b37ef868d9b603bd202136f8f8e",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            },
            {
              "lessThan": "d0e0d1097118461463b76562c7ebaabaa5b90b13",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            },
            {
              "lessThan": "dc3636912d41770466543623cb76e7b88fdb42c7",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            },
            {
              "lessThan": "b441cf3f8c4b8576639d20c8eb4aa32917602ecd",
              "status": "affected",
              "version": "9d4139c76905833afcb77fe8ccc17f302a0eb9ab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/xfrm.h",
            "net/ipv4/ipcomp.c",
            "net/ipv6/ipcomp6.c",
            "net/ipv6/xfrm6_tunnel.c",
            "net/xfrm/xfrm_ipcomp.c",
            "net/xfrm/xfrm_state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.248",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.62",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.248",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.198",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.160",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.120",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.62",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can\u0027t guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe\u0027re going to lock x-\u003etunnel while x is locked."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-19T12:18:05.674Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1b28a7fae0128fa140a7dccd995182ff6cd1c67b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b2c17d0f9be8b58bb30468bc81a4b61c985b04e"
        },
        {
          "url": "https://git.kernel.org/stable/c/0da961fa46da1b37ef868d9b603bd202136f8f8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0e0d1097118461463b76562c7ebaabaa5b90b13"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc3636912d41770466543623cb76e7b88fdb42c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b441cf3f8c4b8576639d20c8eb4aa32917602ecd"
        }
      ],
      "title": "xfrm: delete x-\u003etunnel as we delete x",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40215",
    "datePublished": "2025-12-04T12:38:32.517Z",
    "dateReserved": "2025-04-16T07:20:57.179Z",
    "dateUpdated": "2026-01-19T12:18:05.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-54110 (GCVE-0-2023-54110)

Vulnerability from cvelistv5 – Published: 2025-12-24 13:06 – Updated: 2025-12-24 13:06

Title

usb: rndis_host: Secure rndis_query check against int overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries allowing information leakage e.g. via RNDIS_OID_802_3_PERMANENT_ADDRESS OID.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/55782f6d63a5a3dd3…
	https://git.kernel.org/stable/c/02ffb4ecf0614c58e…
	https://git.kernel.org/stable/c/ebe6d2fcf7835f98c…
	https://git.kernel.org/stable/c/232ef345e5d76e554…
	https://git.kernel.org/stable/c/11cd4ec6359d90b13…
	https://git.kernel.org/stable/c/39eadaf5611ddd064…
	https://git.kernel.org/stable/c/a713602807f32afc0…
	https://git.kernel.org/stable/c/c7dd13805f8b8fc1c…

Impacted products

Vendor

Product

Version

Linux

Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < 55782f6d63a5a3dd3b84c1e0627738fc5b146b4e (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < 02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0 (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < ebe6d2fcf7835f98cdbb1bd5e0414be20c321578 (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < 232ef345e5d76e5542f430a29658a85dbef07f0b (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < 11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95 (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < 39eadaf5611ddd064ad1c53da65c02d2b0fe22a4 (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < a713602807f32afc04add331410c77ef790ef77a (git)
Affected: ddda08624013e8435e9f7cfc34a35bd7b3520b6d , < c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 (git)

Linux

Affected: 2.6.22
Unaffected: 0 , < 2.6.22 (semver)
Unaffected: 4.14.303 , ≤ 4.14.* (semver)
Unaffected: 4.19.270 , ≤ 4.19.* (semver)
Unaffected: 5.4.229 , ≤ 5.4.* (semver)
Unaffected: 5.10.163 , ≤ 5.10.* (semver)
Unaffected: 5.15.87 , ≤ 5.15.* (semver)
Unaffected: 6.0.19 , ≤ 6.0.* (semver)
Unaffected: 6.1.5 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/rndis_host.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "55782f6d63a5a3dd3b84c1e0627738fc5b146b4e",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "ebe6d2fcf7835f98cdbb1bd5e0414be20c321578",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "232ef345e5d76e5542f430a29658a85dbef07f0b",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "39eadaf5611ddd064ad1c53da65c02d2b0fe22a4",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "a713602807f32afc04add331410c77ef790ef77a",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            },
            {
              "lessThan": "c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2",
              "status": "affected",
              "version": "ddda08624013e8435e9f7cfc34a35bd7b3520b6d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/rndis_host.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.19",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.5",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.22",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to a unexpectetly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:06:33.495Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/55782f6d63a5a3dd3b84c1e0627738fc5b146b4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebe6d2fcf7835f98cdbb1bd5e0414be20c321578"
        },
        {
          "url": "https://git.kernel.org/stable/c/232ef345e5d76e5542f430a29658a85dbef07f0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95"
        },
        {
          "url": "https://git.kernel.org/stable/c/39eadaf5611ddd064ad1c53da65c02d2b0fe22a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a713602807f32afc04add331410c77ef790ef77a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2"
        }
      ],
      "title": "usb: rndis_host: Secure rndis_query check against int overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54110",
    "datePublished": "2025-12-24T13:06:33.495Z",
    "dateReserved": "2025-12-24T13:02:52.518Z",
    "dateUpdated": "2025-12-24T13:06:33.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0352-1

CVE-2023-54168 (GCVE-0-2023-54168)

CVE-2025-40018 (GCVE-0-2025-40018)

CVE-2023-23559 (GCVE-0-2023-23559)

CVE-2025-40215 (GCVE-0-2025-40215)

CVE-2023-54110 (GCVE-0-2023-54110)

Tags

Sightings

Nomenclature